Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability
Mar 06 2008 05:28PM
H D Moore (sflist digitaloffense net)
I added a "monkey-patch" for this in the Metasploit source tree -- even if
you use Metasploit 3.1 with an unpatched version of Ruby, the patched
handler code is loaded into memory on top of the existing module. Since
the msfweb service will bind to 127.0.0.1 by default, this is not ...
[ more ]
Copyright 2010, SecurityFocus