From: Jonathan E. <jon...@si...> - 2005-05-27 12:40:27
|
Jaros=B3aw Zabiello wrote: > http://spyce.sourceforge.net/cgi-bin/dump.spy?path=3D/etc/passwd > no comments that's a feature :) seriously, though, since SF.net htdocs isn't a subdirectory of cgi-bin, y= ou=20 need to be able to dump arbitrary files... if SF doesn't restrict the cgi= -bin=20 processes privileges appropriately, there's nothing I can do. (And it _is= _=20 restricted from /etc/shadow.) -Jonathan |