mailing list archives
Advisory for MP3Mystic
From: neme-dhc () HUSHMAIL COM
Date: Mon, 7 May 2001 19:32:44 -0500
[ Advisory for MP3Mystic ]
[ MP3Mystic is made by mp3mystic.com ]
[ Site: http://www.mp3mystic.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ]
[ ADV-0117 ]
MP3Mystic is a webserver that lets a visitor browse
your harddrive only showing MP3 files. It is
vulnerable to the dot dot bug.
/-|=[who is vulnerable]=|-\
version 1.0 is assumed to be vulnerable as well.
one can retrieve scandisk.log. Add ../'s to adjust
the amount of directories that have to be moved
Download MP3Mystic 1.04b3. This will fix the bug.
Free, encrypted, secure Web-based email at www.hushmail.com
- Advisory for MP3Mystic neme-dhc (May 08)