Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: RealPlayer bug
From: Michiel Heijkoop <myself () mhil net>
Date: Sun, 3 Mar 2002 22:17:10 +0100
Hey,

On Sat, Mar 02, 2002 at 09:16:53PM +0300, §ome1 wrote:

http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram
from now realplay.exe will listen on port 1275 TCP

As the URL indicates, it's well possible that the webserver only listens to 127.0.0.1, which wouldn't make it a large 
security risk, unless its ran on an NT-machine under an admin-account and accessed by a regular user, which could then 
have read-access to files, he/she shouldn't have it to. Perhaps someone with Realplayer installed can check wether this 
miniserver is binding to all interfaces, or just the loopback?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]