Full Disclosure mailing list archives
RE: Vulnerability in sourceforge.net
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 21 Jul 2004 09:34:32 -0500
-----Original Message----- From: nicolas vigier [mailto:boklm () mars-attacks org] Sent: Wednesday, July 21, 2004 9:16 AM To: Todd Towles Cc: 'Alexander'; full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Vulnerability in sourceforge.net On Wed, 21 Jul 2004, Todd Towles wrote:
I would call that a Directory Traversal Vulnerability, if it allows a user to read files that he doesn't have permission to read.
Yes, but your can also read theses files if you have an account on sourceforge.net (and it's easy to get one), so that's not a very big vulnerability. And the vulnerability does not come from sourceforge, but from the "Smart BootManager" project's webpage hosted on sourceforge. Anyway, it might be a good idea for them to correct this :) It could allow someone with an account on sourceforge to put some files on it and include them on their website to have fake pages for example. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Vulnerability in sourceforge.net Alexander (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Message not available
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- Re: Vulnerability in sourceforge.net Buick Sk (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 21)
- Re: Vulnerability in sourceforge.net nicolas vigier (Jul 21)
- <Possible follow-ups>
- RE: Vulnerability in sourceforge.net Andrew Poodle (Jul 21)
- Re: Vulnerability in sourceforge.net Dan Duplito (Jul 21)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net Gregory A. Gilliss (Jul 22)
- Re: Vulnerability in sourceforge.net Jedi/Sector One (Jul 22)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)
- Re: Vulnerability in sourceforge.net Anders B Jansson (Jul 22)
- Re: Vulnerability in sourceforge.net steve menard (Jul 22)
- RE: Vulnerability in sourceforge.net Todd Towles (Jul 22)