Bugtraq mailing list archives

Advisory for MP3Mystic

From: neme-dhc () HUSHMAIL COM
Date: Mon, 7 May 2001 19:32:44 -0500

 [ Advisory for MP3Mystic                          ]
 [ MP3Mystic is made by mp3mystic.com              ]
 [ Site: http://www.mp3mystic.com                  ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ]
 [ ADV-0117                                        ]

/-|=[explanation]=|-\
MP3Mystic is a webserver that lets a visitor browse
your harddrive only showing MP3 files. It is
vulnerable to the dot dot bug.

/-|=[who is vulnerable]=|-\
MP3Mystic 1.01
MP3Mystic 1.03
MP3Mystic 1.04
are vulnerable.
version 1.0 is assumed to be vulnerable as well.

/-|=[testing it]=|-\
By requesting
www.server.com/../scandisk.log
one can retrieve scandisk.log. Add ../'s to adjust
the amount of directories that have to be moved
down in.

/-|=[fix]=|-\
Download MP3Mystic 1.04b3. This will fix the bug.
Free, encrypted, secure Web-based email at www.hushmail.com

Current thread:

Advisory for MP3Mystic neme-dhc (May 08)