Vulnerability Development mailing list archives
RE: Reported Kazaa and Morpheus vulnerabilities
From: "Colby Marks" <Colby () DigitalJunction com>
Date: Thu, 7 Feb 2002 22:28:55 -0500
However, this allows one to bypass the normal restrictions of the program. If I kept getting put on the "Remotely Queued" list for an item, I could point my browser at the person sharing the file. Then I could download the file w/o the user knowing. I put restrictions of bandwidth and number of users because I have a limited upload speed. This allows one to bypass that restriction. I believe this hole was revealed back in September sometime on this list because I remember it...I remember showing my friends this bug to alert them to it. -Colby -----Original Message----- From: HarryM [mailto:harrym () the-group org] Sent: Monday, February 04, 2002 2:43 AM To: Blue Boar; Kartik Shinde Cc: vuln-dev () securityfocus com Subject: Re: Reported Kazaa and Morpheus vulnerabilities
Well, I think that's what the original poster was getting at. Anyone here tried the usual .. bugs and so on? (Either successfully or not, we'd like to know.)
Exactly. The BBC article claims that someone has, but there's no mention of it on CERT or Securityfocus. I mean obviously if there is one it may not have been posted about.. But I thought someone might have heard something. Certainly simple things such as appending /../ or /..../ to the end of the url don't work, but those funky numeric folder names must mean something. Harry M
Current thread:
- Reported Kazaa and Morpheus vulnerabilities HarryM (Feb 03)
- Re: Reported Kazaa and Morpheus vulnerabilities Sebastian Ip (Feb 03)
- Re: Reported Kazaa and Morpheus vulnerabilities Kartik Shinde (Feb 03)
- Re: Reported Kazaa and Morpheus vulnerabilities Blue Boar (Feb 03)
- Re: Reported Kazaa and Morpheus vulnerabilities HarryM (Feb 03)
- Re: Reported Kazaa and Morpheus vulnerabilities Qazi M. M. Ahmed (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities HarryM (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities Stanley G. Bubrouski (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities dreamwvr () dreamwvr com (Feb 04)
- RE: Reported Kazaa and Morpheus vulnerabilities Elan Hasson (Feb 04)
- RE: Reported Kazaa and Morpheus vulnerabilities Colby Marks (Feb 07)
- Re: Reported Kazaa and Morpheus vulnerabilities Blue Boar (Feb 03)
- RE: Reported Kazaa and Morpheus vulnerabilities leon (Feb 05)
- Re: Reported Kazaa and Morpheus vulnerabilities Arta (Feb 05)
- RE: Reported Kazaa and Morpheus vulnerabilities Sven Kamphuis (Feb 10)
- <Possible follow-ups>
- Reported Kazaa and Morpheus vulnerabilities Carlos Gaona (Feb 03)
- Message not available
- Re: Reported Kazaa and Morpheus vulnerabilities Carlos Gaona (Feb 04)
- Message not available
- Re: Reported Kazaa and Morpheus vulnerabilities Blue Boar (Feb 04)