On Wed, 21 Jul 2004, Alexander wrote: > Vulnerability in sourceforge.net. > > Remote user can read any files. Example:
Any file the webserver account can read. > http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local > /apache/conf/httpd.conf This is not a vulnerability in sourceforge, but in on of the project's webpage. And anyone with a project on sourceforge can read the same files using his webspace. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
