RE: Reported Kazaa and Morpheus vulnerabilities

From: Elan Hasson (elanat_private)
Date: Mon Feb 04 2002 - 06:18:48 PST

Next message: Scalise, Marzio: "Re: Correction - Oracle Apache+WebDB info leakege"

Previous message: Gabriel A. Maggiotti: "Lotus Domino password bypass"
In reply to: HarryM: "Re: Reported Kazaa and Morpheus vulnerabilities"
Next in thread: Colby Marks: "RE: Reported Kazaa and Morpheus vulnerabilities"
Next in thread: Carlos Gaona: "Reported Kazaa and Morpheus vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

could somone post some of the output (These file names)?

-----Original Message-----
From: HarryM [mailto:harrym@the-group.org]
Sent: Monday, February 04, 2002 2:43 AM
To: Blue Boar; Kartik Shinde
Cc: vuln-devat_private
Subject: Re: Reported Kazaa and Morpheus vulnerabilities

> Well, I think that's what the original poster was getting at.  Anyone
> here tried the usual .. bugs and so on?  (Either successfully or not,
> we'd like to know.)
>

Exactly. The BBC article claims that someone has, but there's no mention of
it on CERT or Securityfocus. I mean obviously if there is one it may not
have been posted about.. But I thought someone might have heard something.
Certainly simple things such as appending /../ or /..../ to the end of the
url don't work, but those funky numeric folder names must mean something.

Harry M

Next message: Scalise, Marzio: "Re: Correction - Oracle Apache+WebDB info leakege"
Previous message: Gabriel A. Maggiotti: "Lotus Domino password bypass"
In reply to: HarryM: "Re: Reported Kazaa and Morpheus vulnerabilities"
Next in thread: Colby Marks: "RE: Reported Kazaa and Morpheus vulnerabilities"
Next in thread: Carlos Gaona: "Reported Kazaa and Morpheus vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 11:51:49 PST