They told me to repost it, so here it is.

That is not exactly a bug; anyway, I think it can be used as a start to discover some huge security holes it has. Here I send what I have been analyzing:

When we install Morpheus or KaZaA, for the file sharing and searching, it opens the port 1214, but, here comes the important thing, it doesn't administrate or control it, so here comes:

http://xxx.xxx.xxx.xxx:1214 (where xxx is the IP)

When you type that in your browser (all my tests have been made with IE 5.5), it shows you all the shared files of that user; users with it can be easily found with a simple port scanner.

But apart from showing you the files, it lets you download them. But here comes another weird thing: the files are not linked directly to that folder, or with the same name, but rather they have different names (with ++s) and are linked into folders named with numbers.

For example:

http://24.232.8.xxx:1214

Sting - All ThisTime (unplugged).mp3 5693985
castaway(1of2).avi 261096960
American Beauty (DVD Quality).avi 475150336

But they are not linked like that, they are:

http://24.232.8.x:1214/16206/Sting+-+All+ThisTime+%28unplugged%29.mp3

instead of:

http://24.232.8.x:1214/Sting+-+All+ThisTime+%28unplugged%29.mp3

So, that shows us that it orders them with subfolders, and so it would be a matter of time to discover how to make a directory scale. I have tested with http://xxx.xxx.xx.xxx:1214/..../ and with some unicode but it doesn't work. Does anybody have an idea of how it could be exploited?

The port 1214 is also vulnerable to a Nuke or Denial of Service attack and falls very easily.

I hope you keep on investigating this.

Pablo Sabbatella
KerozenE 1999-2001 c0oL!
www.hackemate.com.ar
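A local audit for the exposure described in the post above, as an added example that is not part of the original message: it reads `netstat -an` output from your own machine and reports TCP listeners on port 1214 that are bound to a non-loopback address. The function name, the sample rows and the addresses in them are constructed for illustration.

```python
FASTTRACK_PORT = 1214  # the port the post says the client opens

# Constructed sample of `netstat -an` output (Windows-style and Linux-style rows).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135         0.0.0.0:0          LISTENING
  TCP    0.0.0.0:1214        0.0.0.0:0          LISTENING
  TCP    127.0.0.1:1214      0.0.0.0:0          LISTENING
  TCP    192.0.2.10:1214     203.0.113.5:4021   ESTABLISHED
tcp        0      0 0.0.0.0:12140       0.0.0.0:*        LISTEN
tcp6       0      0 :::1214             :::*             LISTEN
"""


def exposed_listeners(netstat_text, port=FASTTRACK_PORT):
    """Return the local bind addresses of TCP listeners on `port`
    that are reachable from other hosts (anything except loopback)."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header, UDP row or blank line
        if not fields[-1].upper().startswith("LISTEN"):
            continue  # only listening sockets matter, not active connections
        # The local address is the first address-like column on both platforms.
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        host, _, port_text = local.rpartition(":")
        host = host.strip("[]")  # Windows prints IPv6 binds as [::]:1214
        if not port_text.isdigit() or int(port_text) != port:
            continue  # exact port match, so 12140 is not reported
        if host.startswith("127.") or host == "::1":
            continue  # loopback-only bind is not reachable from the network
        hits.append(host)
    return hits


if __name__ == "__main__":
    for addr in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {FASTTRACK_PORT} is listening on {addr}: "
              "shared-file listing reachable from other hosts")
```

To check a real machine, pass the captured output of `netstat -an` instead of `SAMPLE_NETSTAT`; a hit means the listener should be closed or filtered at the host or perimeter firewall.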
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 07:52:44 PDT