[pLog-svn] [Lifetype Vulnerability] Very Serious File Disclosure Problem (read passwords/config whatever you want)
Oscar Renalias
oscar at renalias.net
Wed Feb 14 03:38:17 EST 2007
No, we're not going to openly tell you all how to do it. Suffice to
say that it can be used to reveal configuration files via a URL.
Looking at the fix should be enough to understand it.
On 14 Feb 2007, at 10:35, Ammar Ibrahim wrote:
> Can we have more info about this Vulnerability? I want to check if our
> servers are infected with it,
>
> Ammar
>
> On 2/13/07, Matt Wood <matt at woodzy.com> wrote:
>> Dev List,
>>
>> There exists a very serious file disclosure vulnerability within
>> the RSS engines that allows anyone to read the contents of files
>> considered to be secure.
>>
>> I highly suggest that everyone turn off all RSS off at the moment.
>>
>> I also suppose you will want to let other people know, I don't
>> really have the time to mess with the forums warning people.
>>
>> Oscar / Jon, I will contact you separately later tonight as this
>> vulnerability compromises www.lifetype.net... and I don't really
>> want our new server to get hosed.
>>
>> -Matt
>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
More information about the pLog-svn
mailing list