Re: KaZaA + Morpheus sharing files

[Hackemate.com.ar <hackemate () softhome net>]

They told me to repost it, so here it is
That is not exactly a bug, anyway i think it can be used as a start
to discover some huge security holes it has, here i send what i have
been analyzing:

When we install Morpheus or Kaaza, for the file sharing and searching,
it opene sthe port 1214, but, here comes the impoortant thing, it
doesn´t administarte or control it, so here comes:

Http://xxx.xxx.xxx.xxx:1214      (where xxx is the IP)

When you type that in your browser (all my tests have been made with
IE 5.5), it shows you all the shared files of that user, users with it
can be easily found witha simple port scanner. But appart from showing
you the files, it lets you download them, but here comes another weird
thing, the files are not linked directly to that folder, or with the
sam name, if not that they have different names (with ++s) an dlinked
into folders named with numbers. For example:

http://24.232.8.xxx:1214

Sting - All ThisTime (unplugged).mp3   5693985
castaway(1of2).avi                     261096960
American Beauty (DVD Quality).avi      475150336

But they are not linked like that, they are:

http://24.232.8.x:1214/16206/Sting+-+All+ThisTime+%28unplugged%29.mp3
instead of:
http://24.232.8.x:1214/Sting+-+All+ThisTime+%28unplugged%29.mp3

So, that shows us, that it orders them with subfolders and so, it
would be something of time to discover how to make a directory scale,
I have tested with Http://xxx.xxx.xx.xxx:1214/..../ and with some
unicode but it doesn t work, does anybody ahve an idea of cpould it be
exploted?
The port 1214 is also vulnerable to a Nuke or Denial of Service attack
and falls very easily.

I hope you keep on investigating this.


Pablo Sabbatella
KerozenE 1999-2001 c0oL!
www.hackemate.com.ar