Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Reported Kazaa and Morpheus vulnerabilities

From: "Qazi M. M. Ahmed" <qaziahmed () pakcert org>
Date: Mon, 04 Feb 2002 17:54:12 +0500
I tried the http put style, didnt work but got the kazaa username with the following info: 

HTTP/1.0 501 Not Implemented
X-Kazaa-Username: some_kazaa_user
X-Kazaa-Network: MusicCity
X-Kazaa-IP: xxx.xxx.xxx.xxx:1214

Kazaa username and IP adress is changed for whatever purpose. :)

Qazi M.M. Ahmed


HarryM wrote:


Well, I think that's what the original poster was getting at.  Anyone
here tried the usual .. bugs and so on?  (Either successfully or not,
we'd like to know.)




Exactly. The BBC article claims that someone has, but there's no mention of
it on CERT or Securityfocus. I mean obviously if there is one it may not
have been posted about.. But I thought someone might have heard something.
Certainly simple things such as appending /../ or /..../ to the end of the
url don't work, but those funky numeric folder names must mean something.

Harry M
Previous By Date Next
Previous By Thread Next

Current thread: