Bugtraq mailing list archives
RealPlayer bug
From: "§ome1" <exe () FlashMail com>
Date: Sat, 2 Mar 2002 21:16:53 +0300
hi open RealPlayer, go to --> File ---> Open File.. ---> Select any real media file.. ex: c:\music\file.ram Play the file. Now go to ---> View ---> Clip Source realplayer will open the url http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram from now realplay.exe will listen on port 1275 TCP as you can see, real player have a (Mini WebServer) that listen on port 1275 I only tested the ../../ bug GET http://127.0.0.1:1275/../../../../../boot.ini Result: my boot.ini Vulnerable version: 6.0.7 other version? maybe.. C:\>fport |grep real Pid Process Port Proto Path 1964 realplay -> 1275 TCP C:\Program Files\Real\RealPlayer\realplay.exe §ome1 exe () flashmail com
Current thread:
- RealPlayer bug §ome1 (Mar 03)
- Re: RealPlayer bug Michiel Heijkoop (Mar 04)
- Re: RealPlayer bug obscure (Mar 05)
- Re: RealPlayer bug bugtraq42 (Mar 05)
- Re: RealPlayer bug Jenny Holmberg (Mar 05)
- Re: RealPlayer bug Michiel Heijkoop (Mar 04)