Advisory for MP3Mystic

From: neme-dhcat_private
Date: Mon May 07 2001 - 17:32:44 PDT

Next message: neme-dhcat_private: "Advisory for A1Stats"

Previous message: Ofir Arkin: "Fun with IP Identification Field Values (Identifying Older MS Based OSs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 [ Advisory for MP3Mystic                          ]
 [ MP3Mystic is made by mp3mystic.com              ]
 [ Site: http://www.mp3mystic.com                  ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhcat_private) ]
 [ ADV-0117                                        ]

/-|=[explanation]=|-\
MP3Mystic is a webserver that lets a visitor browse
your harddrive only showing MP3 files. It is
vulnerable to the dot dot bug.

/-|=[who is vulnerable]=|-\
MP3Mystic 1.01
MP3Mystic 1.03
MP3Mystic 1.04
are vulnerable.
version 1.0 is assumed to be vulnerable as well.

/-|=[testing it]=|-\
By requesting
www.server.com/../scandisk.log
one can retrieve scandisk.log. Add ../'s to adjust
the amount of directories that have to be moved
down in.

/-|=[fix]=|-\
Download MP3Mystic 1.04b3. This will fix the bug.
Free, encrypted, secure Web-based email at www.hushmail.com

Next message: neme-dhcat_private: "Advisory for A1Stats"
Previous message: Ofir Arkin: "Fun with IP Identification Field Values (Identifying Older MS Based OSs)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 08 2001 - 08:10:12 PDT