Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Sourceforge compromized?
From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Fri, 2 Feb 2007 11:52:49 -0500
If the content can be shown to be present due to the actions of the
YaPiG project site admins (e.g. using very weak passwords, being
fooled by a sourceforge.net phishing site that steals passwords,
putting the material up intentionally), a full code audit for
everything from sourceforge.net is probably not necessary.

-Eliah

On 2/2/07, Michael Scheidell <scheidell () secnap net> wrote:


http://yapig.sourceforge.net/demo/photos/photos2291.html

(no one under 18 should click on that link above, it may violate state
laws doing so)

Could someone from sourceforge.net comment? What else is compromised on
the server?

Can just anyone post anything to any directory or are there specific
directories that can be hacked?

Is it just yapig.sourceforge.net?

Either case, I should suggest everyone be careful about what you
download from sourceforge till they do a full code audit and post the
results here.

--
Michael Scheidell, CTO
SECNAP Network Security
561-999-5000 x 1131
www.secnap.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]