OSEC

From: b0iler _ (b0ilerhotmail.com)
Date: Tue Feb 05 2002 - 21:14:11 CST


    Re: Author:Blue Boar <blueboarthievco.com>

    >Well, I think that's what the original poster was getting at. Anyone
    >here tried the usual .. bugs and so on? (Either successfully or not,
    >we'd like to know.)

    I found this HTTP server deal out on my own a few months back, then checked
    up on it and found a Bugtraq posting about it. Coded up a quick Perl
    scanner to check for autoexec.bat and then wrote a funny little article on
    it for my website. It is a shame Slashdot/BBC posted the "exploit" as news
    and some group (2600?) claims they found it or whatever, yet they don't know
    what is causing it and they say it happens to some people and not to others
    for no reason (LOL). After my scanner I tried the regular directory
    traversal tricks, ../, URL encoding, guessing the algo for the random
    virtual directories/paths to the files, ip:1214/./../../, ip:1214/.\./.\./,
    and all that good stuff with no success. I should note that I didn't try
    ... which brings Win to the root dir, but I don't think Morpheus works on a
    real file system - the directories are virtual, so there is no way of getting
    files that aren't shared.

    Just my .02, but it looks fairly secure from any method I am aware of.
    Sorry I did not read the other posts in this thread, so some of this post
    might be redundant.

    http://b0iler.advknowledge.net
    or for the article regarding Morpheus users' sharing files/Morpheus
    webserver:
    http://www.eccentrix.com/education/b0iler/tutorials/idotsofp2p.htm
