[Full-Disclosure] Bytehoard File Disclosure VUlnerability Sequel
Chris Sharp
illectro2001 at yahoo.com
Tue Oct 28 02:09:10 GMT 2003
So I'm sure this passed over your inboxes in some form
or another....
http://www.securiteam.com/unixfocus/6L00L008KE.html
Just a standard directory traversal attack in an open
source, fixed rapidly like any good open source
project. Except that nobody really looked too hard at
the software, try going to
http://victim.com/bytehoard/files.inc.php
and you'll find the root directory of the host machine
revealsed to you, you can traverse the tree, but
downloading doesn't appear to work.
Kind of an embarressing bug to have in your software.
Just a FYI
Chris
__________________________________
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/
Full-Disclosure is hosted and sponsored by Secunia.