Re: KaZaA + Morpheus sharing files

From: Hackemate.com.ar (hackemateat_private)
Date: Wed Aug 01 2001 - 06:28:30 PDT


    They told me to repost it, so here it is
    That is not exactly a bug, anyway I think it can be used as a start
    to discover some huge security holes it has, here I send what I have
    been analyzing:
    
    When we install Morpheus or KaZaA, for the file sharing and searching,
    it opens the port 1214, but, here comes the important thing, it
    doesn't administrate or control it, so here comes:
    
    http://xxx.xxx.xxx.xxx:1214      (where xxx is the IP)
    
    When you type that in your browser (all my tests have been made with
    IE 5.5), it shows you all the shared files of that user, users with it
    can be easily found with a simple port scanner. But apart from showing
    you the files, it lets you download them, but here comes another weird
    thing, the files are not linked directly to that folder, or with the
    same name, if not that they have different names (with ++s) and linked
    into folders named with numbers. For example:
    
    http://24.232.8.xxx:1214
    
    Sting - All ThisTime (unplugged).mp3   5693985
    castaway(1of2).avi                     261096960
    American Beauty (DVD Quality).avi      475150336
    
    But they are not linked like that, they are:
    
    http://24.232.8.x:1214/16206/Sting+-+All+ThisTime+%28unplugged%29.mp3
    instead of:
    http://24.232.8.x:1214/Sting+-+All+ThisTime+%28unplugged%29.mp3
    
    So, that shows us, that it orders them with subfolders and so, it
    would be something of time to discover how to make a directory scale,
    I have tested with http://xxx.xxx.xx.xxx:1214/..../ and with some
    unicode but it doesn't work, does anybody have an idea of could it be
    exploited?
    The port 1214 is also vulnerable to a Nuke or Denial of Service attack
    and falls very easily.
    
    I hope you keep on investigating this.
    
    
    Pablo Sabbatella
    KerozenE 1999-2001 c0oL!
    www.hackemate.com.ar
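
Added example, not part of the original post and not KaZaA's or Morpheus's own code: a request resolver for the `/<number>/<name>` URL layout quoted above, showing one design under which the `/..../` and encoded-path probes described in the message find nothing to traverse. The share table, local paths and the `resolve` function are assumptions made for illustration; how the real client maps these URLs is not stated in the post.

```python
from urllib.parse import unquote_plus

# Constructed share table: (numeric folder id, display name) -> local file.
# Id 16206 and the first name mirror the URL in the post; everything else is made up.
SHARES = {
    (16206, "Sting - All ThisTime (unplugged).mp3"): "/home/user/music/sting.mp3",
    (16207, "castaway(1of2).avi"): "/home/user/video/castaway1.avi",
}


def resolve(request_path, shares=SHARES):
    """Map /<id>/<name> to a shared file, or return None.

    The request is only ever used as a lookup key. No filesystem path is
    built from it, so dot sequences and encoded separators have nothing
    to climb out of.
    """
    parts = request_path.split("/")
    if len(parts) != 3 or parts[0] != "":
        return None                      # not exactly /<id>/<name>
    raw_id, raw_name = parts[1], parts[2]
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None                      # e.g. "....", "..", "%2e%2e"
    try:
        # '+' becomes a space, %XX becomes a byte; strict UTF-8 decoding
        # rejects overlong encodings instead of normalising them.
        name = unquote_plus(raw_name, errors="strict")
    except UnicodeDecodeError:
        return None
    if any(c in name for c in "/\\\x00") or name in ("", ".", ".."):
        return None                      # separator introduced by decoding
    return shares.get((int(raw_id), name))


if __name__ == "__main__":
    # Constructed requests: one valid, the rest shaped like the probes in the post.
    for path in ["/16206/Sting+-+All+ThisTime+%28unplugged%29.mp3",
                 "/Sting+-+All+ThisTime+%28unplugged%29.mp3",
                 "/..../",
                 "/16206/..%2f..%2fautoexec.bat"]:
        print(path, "->", resolve(path))
```
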
    



    This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 07:52:44 PDT