Vulnerability Development mailing list archives
[Fwd: Reported Kazaa and Morpheus vulnerabilities]
From: Blue Boar <BlueBoar () thievco com>
Date: Mon, 04 Feb 2002 15:03:05 -0800
Daniel Tan wrote:
I tried supplying very long strings to each of the html-tags. Morpheus disconnects you if they are more than I think 5k long. Most of them are ignored. I tried the usual directory traversal, %2e (recognised, but doesn't traverse), %u002e (not recognised - file not found error). I think someone mentioned here before that those funky numbers correspond to a kind of table, which checks against a filename. Blue Boar wrote:Kartik Shinde wrote:Ah...but it would be interesting to hear if someone could possibly write a program whereby it would use morpheus port to access the shared folder and possibly break out of the so called created "shell"...!!!Well, I think that's what the original poster was getting at. Anyone here tried the usual .. bugs and so on? (Either successfully or not, we'd like to know.) BB
Current thread:
- [Fwd: Reported Kazaa and Morpheus vulnerabilities] Blue Boar (Feb 04)