MP3Mystic dot-dot directory traversal



Vulnerability

    MP3Mystic

Affected

    MP3Mystic 1.01, 1.03, 1.04

Description

    nemesystm of the DHC found the following.  MP3Mystic is a web server
    that lets a visitor browse your hard drive, showing only MP3 files.
    It is vulnerable to the dot-dot bug.

    Version 1.0 is assumed to be vulnerable as well.

    By requesting

        www.server.com/../scandisk.log

    one can retrieve scandisk.log.  Add more ../ sequences to adjust the
    number of directory levels to traverse.

Solution

    Download MP3Mystic 1.04b3.  This will fix the bug.
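
    The path check a file-serving web server needs in order to refuse the
    dot-dot request described above, as an added example (not MP3Mystic's
    code or its actual fix). The function names, the share layout and the
    sample requests are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

ALLOWED_EXT = ".mp3"  # the server is only supposed to expose MP3 files


def resolve_request(share_root, request_target):
    """Return the real path to serve for request_target, or None to refuse.

    Hypothetical helper (not MP3Mystic code): decode the path, refuse
    dot-dot segments, then confirm the result is still under share_root.
    """
    path = unquote(request_target.split("?", 1)[0].split("#", 1)[0])
    # Backslash is a separator on Windows, so "..\" must be caught as well.
    segments = [s for s in path.replace("\\", "/").split("/") if s not in ("", ".")]
    if any(s == ".." or ":" in s or "\x00" in s for s in segments):
        return None
    root = os.path.realpath(share_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Containment check after symlink resolution, as defence in depth.
    if os.path.commonpath([root, candidate]) != root:
        return None
    if os.path.isdir(candidate):
        return candidate  # directory listing inside the share
    if os.path.isfile(candidate) and candidate.lower().endswith(ALLOWED_EXT):
        return candidate
    return None


def demo():
    """Run constructed sample requests against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as top:
        share = os.path.join(top, "share")
        os.mkdir(share)
        for name in (os.path.join(share, "song.mp3"), os.path.join(top, "scandisk.log")):
            with open(name, "w") as fh:
                fh.write("constructed sample file\n")
        requests = ["/song.mp3", "/../scandisk.log", "/%2e%2e/scandisk.log",
                    "/..\\scandisk.log", "/sub/../../scandisk.log"]
        return {r: resolve_request(share, r) is not None for r in requests}


if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{request!r:28} -> {'served' if served else 'refused'}")
```

    Decoding happens before the segment check, so percent-encoded dots are
    refused along with the literal form.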
