Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Advisory for MP3Mystic

Advisory for MP3Mystic

From: <neme-dhc_at_HUSHMAIL.COM>
Date: Mon, 7 May 2001 19:32:44 -0500

 [ Advisory for MP3Mystic ]
 [ MP3Mystic is made by mp3mystic.com ]
 [ Site: http://www.mp3mystic.com ]
 [ by nemesystm of the DHC ]
 [ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
 [ ADV-0117 ]

/-|=[explanation]=|-\
MP3Mystic is a webserver that lets a visitor browse
your harddrive only showing MP3 files. It is
vulnerable to the dot dot bug.

/-|=[who is vulnerable]=|-\
MP3Mystic 1.01
MP3Mystic 1.03
MP3Mystic 1.04
are vulnerable.
version 1.0 is assumed to be vulnerable as well.

/-|=[testing it]=|-\
By requesting
www.server.com/../scandisk.log
one can retrieve scandisk.log. Add ../'s to adjust
the amount of directories that have to be moved
down in.

/-|=[fix]=|-\
Download MP3Mystic 1.04b3. This will fix the bug.
Free, encrypted, secure Web-based email at www.hushmail.com
Received on May 08 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]