Re: Author:Blue Boar <blueboarat_private> >Well, I think that's what the original poster was getting at. Anyone >here tried the usual .. bugs and so on? (Either successfully or not, >we'd like to know.) I found this http server deal out on my own a few months back, then checked up on it and found a bugtraq posting about it. Coded up a quick perl scanner to check for autoexec.bat and then wrote a funny little article on it for my website. It is a shame slashdot/bbc posted the "exploit" as news and some group (2600?) claims they found it or whatever yet they don't know what is causing it and they say it happens to some people and not to others for no reason (LOL). After my scanner I tried the regular directory transversal tricks, ../, url encoding, guessing the algo for the random virtual directories/paths to the files, ip:1214/./../../, ip:1214/.\./.\./, and all that good stuff with no success. I should note that I didn't try ... which brings win to root dir, but I don't think morpheous works on a real file system - the directories are virtual so there is no way of getting files that aren't shared. just my .02, but it looks fairly secure from any method I am aware of. Sorry I did not read the other posts in this thread, so some of this post might be redundant. http://b0iler.advknowledge.net or for the article reguarding morpheous user's sharing files/morpheous webserver: http://www.eccentrix.com/education/b0iler/tutorials/idotsofp2p.htm _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
This archive was generated by hypermail 2b30 : Tue Feb 05 2002 - 19:49:51 PST