Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Vulnerability in sourceforge.net
From: "Buick Sk" <buick () microlink com br>
Date: Wed, 21 Jul 2004 17:31:32 -0100

Hi,

It's not a mis-configuration, this does not allow you to look at any
secret file, only the files that the user nobody can read.

  this not vulnerability.. only read system (capture for attack??).... 
I sugestion for (others) administrator test/verify if missing configuration in
yours self... ;)

http://btmgr.sourceforge.net/index.php3?body=../../../../../../proc/{cpuinfo,version,...

/etc/passwd, /etc/{fs,mtab  and etc.. information into site...

good /proc/uptime this machine ;)

Buick Sk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]