oss-sec mailing list archives
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability
From: Oden Eriksson <oeriksson () mandriva com>
Date: Wed, 22 May 2013 22:49:19 +0200
onsdagen den 22 maj 2013 15.31.44 skrev Matthias Weckbecker:
On Wednesday 22 May 2013 13:44:09 Oden Eriksson wrote:onsdagen den 22 maj 2013 13.06.18 skrev Matthias Weckbecker:Hi, has anybody possibly already confirmed this? It might also be worth to assign a CVE to this if it turns out to be a reproducible issue.Confirmed here. Needed to use "lynx -dump ...".That's weird. But you've tried it *with* 'http://'? Otherwise you don't even generate a HTTP request. $ lynx -dump "127.0.0.1:/../../../etc/passwd" vs $ lynx -dump "http://127.0.0.1/../../../etc/passwd" I don't think this report is valid. Matthias
Whoops. You're right.
Current thread:
- Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability George Theall (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability The Doctor (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Zate (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Tavis Ormandy (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)