On Tue, Nov 27, 2001 at 06:18:56AM +0000, vuln-dev wrote: > GOBBLES@localhost:/tmp/awhttpd$ lynx -dump localhost:8000/../ >GOBBLES > Current directory is /tmp/awhttpd/ > > -rw------- 1 GOBBLES hackers 1786 Jul 21 14:34 [1]CHANGES > -rw------- 1 GOBBLES hackers 0 Nov 26 09:10 [2]GOBBLES By golly! The whole planet is vulnerable to this flaw ! And all the servers (even non-existing ones) display the content of *my* disk ! [renaud@bender renaud]$ lynx -dump www.nessus.org/../ Current directory is /home/renaud/ drwxrwxr-x 19 renaud renaud 4096 Nov 27 15:38 [1]Devel/ [renaud@bender renaud]$ lynx -dump foobarily/../ Current directory is /home/renaud/ drwxrwxr-x 19 renaud renaud 4096 Nov 27 15:38 [1]Devel/ Oh, wait... :) -- Renaud -- Renaud Deraison The Nessus Project http://www.nessus.org
This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 09:29:30 PST