mailing list archives
Re: Vulnerability in sourceforge.net
From: "Dan Duplito" <danduplito () techie com>
Date: Thu, 22 Jul 2004 07:36:58 +0800
nicolas vigier <boklm () mars-attacks org> wrote:
It's not a mis-configuration, this does not allow you to look at any
secret file, only the files that the user nobody can read.
well, user "nobody" has shell access (/bin/sh) and is allowed read access to /etc/passwd file and probably other system
files as well.
i'm wondering if the discoverer (Alexander) already informed the authors of the app...
Full-Disclosure - We believe in it.