[20566] in bugtraq
Advisory for MP3Mystic
daemon@ATHENA.MIT.EDU (neme-dhc@HUSHMAIL.COM)
Tue May 8 11:09:36 2001
Content-type: multipart/mixed;
boundary="Hushpart_boundary_fWRyupdIvpkMsenXwiasHFQnPfFbAIee"
Mime-version: 1.0
Message-ID: <200105072330.QAA21552@user7.hushmail.com>
Date: Mon, 7 May 2001 19:32:44 -0500
Reply-To: neme-dhc@HUSHMAIL.COM
From: neme-dhc@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_fWRyupdIvpkMsenXwiasHFQnPfFbAIee
Content-type: text/plain
[ Advisory for MP3Mystic ]
[ MP3Mystic is made by mp3mystic.com ]
[ Site: http://www.mp3mystic.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
[ ADV-0117 ]
/-|=[explanation]=|-\
MP3Mystic is a webserver that lets a visitor browse
your harddrive only showing MP3 files. It is
vulnerable to the dot dot bug.
/-|=[who is vulnerable]=|-\
MP3Mystic 1.01
MP3Mystic 1.03
MP3Mystic 1.04
are vulnerable.
version 1.0 is assumed to be vulnerable as well.
/-|=[testing it]=|-\
By requesting
www.server.com/../scandisk.log
one can retrieve scandisk.log. Add ../'s to adjust
the amount of directories that have to be moved
down in.
/-|=[fix]=|-\
Download MP3Mystic 1.04b3. This will fix the bug.
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_fWRyupdIvpkMsenXwiasHFQnPfFbAIee--
