[Fwd: Reported Kazaa and Morpheus vulnerabilities]

[Blue Boar <BlueBoar () thievco com>]

Daniel Tan wrote:
> I tried supplying very long strings to each of the html-tags. Morpheus
> disconnects you if they are more than I think 5k long. Most of them are
> ignored.
> I tried the usual directory traversal, %2e (recognised, but doesn't traverse),
> %u002e (not recognised - file not found error).
>
> I think someone mentioned here before that those funky numbers correspond to
> a kind of table, which checks against a filename.
>
> Blue Boar wrote:
> > Kartik Shinde wrote:
> > > Ah...but it would be interesting to hear if someone could possibly write a
> > > program whereby it would use morpheus port to access the shared folder and
> > > possibly break out of the so called created "shell"...!!!
> >
> > Well, I think that's what the original poster was getting at.  Anyone
> > here tried the usual .. bugs and so on?  (Either successfully or not,
> > we'd like to know.)
> >
> >                                         BB