If the user doesn't have shell access to the server, he can read all files that are accesible to http user.
Click Filters->Incoming and put:
from-file ~/../../../../../../../etc/passwd ok
then click "Save". Then You can see this file in "Lists" tab.
It was tested in "no-su" mode.
Best Regards Maciej Bogucki
_________________________________________________ tmda-workers mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-workers
