Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Kevin Walsh: LimeWire Gnutella client two vulnerabilities
From: Ill will <xillwillx () gmail com>
Date: Wed, 16 Mar 2005 14:39:43 -0500
using limewire version 4.4.1 on windows
192.168.1.2:6346/gnutella/res/c\:boot.ini 
works perfectly fine
the magnet request
192.168.1.2/magnet10/../../../../../Windows/Win.ini?Simple-test
forwards you to a "fix" that they are using to patch all the new
version.. the simply put an index.html that meta-refresh forwards you
to their site

[html>
[head>
[title>Please Share</title>
[meta http-equiv="refresh" 
content="0; 
URL=http://www2.limewire.com/browser.htm";>
[/head>
[body>
[a href="http://www2.limewire.com/browser.htm";>Please Share[/a>
[/body>
[/html>

im also attaching to programs+ source  i wrote that either allow you
to read the files from the console
or download the file itself from the user

-- 
- illwill
http://illmob.org

Attachment: limewire.rar
Description:

  By Date           By Thread  

Current thread:
  • Kevin Walsh: LimeWire Gnutella client two vulnerabilities Ill will (Mar 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]