Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: KaZaA + Morpheus sharing files
From: Markus Kern <markus-kern () gmx net>
Date: Thu, 02 Aug 2001 13:30:58 +0200


"Hackemate.com.ar" <hackemate () softhome net> wrote:

<snip>


But they are not linked like that, they are:

http://24.232.8.x:1214/16206/Sting+-+All+ThisTime+%28unplugged%29.mp3
instead of:
http://24.232.8.x:1214/Sting+-+All+ThisTime+%28unplugged%29.mp3


The number (16206 here) is probably an index into an internal table
which contains all the shared files. This is actually a Good Thing
because it means that you can only download files that are in the table
in the first place. If implemented correctly it makes directory
traversal
attacks impossible.

Another thing that bothers me about KaZaA is that it downloads its
updates
not from a central server but from other peers on the network. If the
client
doesn't perform any integrity checks on the file it would be trivial to 
serve a trojan as update which would be automatically executed after the
users permission to update KaZaA.

-- Markus Kern

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]