I would call that a Directory Traversal Vulnerability, if it allows a user to read files that he doesn't have permission to read.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of nicolas vigier
Sent: Wednesday, July 21, 2004 3:00 AM
To: Alexander
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Vulnerability in sourceforge.net

On Wed, 21 Jul 2004, Alexander wrote:

> Vulnerability in sourceforge.net.
>
> Remote user can read any files. Example:

Any file the webserver account can read.

> http://btmgr.sourceforge.net/index.php3?body=../../../../../../usr/local
> /apache/conf/httpd.conf

This is not a vulnerability in sourceforge, but in one of the project's webpages.
And anyone with a project on sourceforge can read the same files using
his webspace.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
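
An added example, not part of the thread and not the btmgr project's code: how a page that selects its content from a `body` query parameter, as in the URL quoted above, can canonicalize the name and refuse anything that resolves outside its own content directory. The function name, directory layout and sample files are assumptions constructed for illustration; the check limits what the script serves and does not change what the webserver account itself can read.

```php
<?php
// Added example; resolve_body() and the pages/ layout are hypothetical.

/**
 * Map a user-supplied page name to a file inside $baseDir.
 * Returns the canonical path, or null if the name escapes $baseDir
 * or does not point at a regular file.
 */
function resolve_body(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null; // bad base directory, or NUL byte in the name
    }
    // realpath() collapses "../" segments and follows symlinks, so the
    // comparison below is made on the path that would really be opened.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against "base/" so a sibling such as "pages-old" does not
    // pass as a child of "pages".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree: one public page and one file outside the content dir.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/home.html', '<p>home</p>');
file_put_contents($root . '/secret.conf', 'not for visitors');

// Constructed sample inputs, including the traversal shape from the thread.
$samples = ['home.html', '../secret.conf',
            '../../../../../../usr/local/apache/conf/httpd.conf', 'missing.html'];
foreach ($samples as $name) {
    $path = resolve_body($root . '/pages', $name);
    echo str_pad($name, 52), $path === null ? "rejected\n" : "served\n";
}
```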
