> nicolas vigier <[EMAIL PROTECTED]> wrote: > > It's not a mis-configuration, this does not allow you to look at any > secret file, only the files that the user nobody can read.
well, user "nobody" has shell access (/bin/sh) and is allowed read access to /etc/passwd file and probably other system files as well. i'm wondering if the discoverer (Alexander) already informed the authors of the app... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
