Bug 20380 - MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure vulnerability
Status: CLOSED DUPLICATE of bug 20379
Alias: None
Product: Sisyphus
Classification: Development
Component: mldonkey-server
Version: unstable
Hardware: all Linux
Importance: P3 critical
Assignee: Aeliya Grevnyov
QA Contact: qa-sisyphus
Reported: 2009-06-09 11:44 MSD by Василий Терешко
Modified: 2009-06-23 22:10 MSD

Description Василий Терешко 2009-06-09 11:44:49 MSD
MLdonkey (up to 2.9.7) has a vulnerability that allows a remote user to access any
file with the rights of the running MLdonkey daemon by supplying a
specially crafted request (ok, there's not much special about a double
slash) to an MLdonkey HTTP GUI (tcp/4080 usually).

Reference:
https://savannah.nongnu.org/bugs/?25667

Thus, the exploit would be as simple as accessing any file on a remote
host with your browser and double slash:

http://mlhost:4080//etc/passwd

# milw0rm.com [2009-02-23]
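
Added example, not part of the original report and not MLdonkey's code: a sketch of how a file-serving handler can turn `//etc/passwd` into an absolute path, next to a resolver that keeps every request under the document root. The report does not state the root cause, so the flawed handler (strip one leading slash, then join) is an assumption, and `naive_resolve`, `safe_resolve` and `demo` are hypothetical names.

```python
import os
import tempfile


def naive_resolve(doc_root, url_path):
    """Assumed flaw: drop ONE leading slash, then join with the document root."""
    rel = url_path[1:] if url_path.startswith("/") else url_path
    # os.path.join discards doc_root when rel is itself absolute ("/etc/passwd").
    return os.path.join(doc_root, rel)


def safe_resolve(doc_root, url_path):
    """Return a path inside doc_root, or None if the request escapes it."""
    root = os.path.realpath(doc_root)
    # Strip every leading slash so the remainder can never be absolute.
    rel = url_path.lstrip("/")
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Resolve constructed request paths against a throwaway document root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        open(os.path.join(root, "index.html"), "w").close()
        results = {}
        for path in ("/index.html", "//etc/passwd", "/../etc/passwd"):
            results[path] = (naive_resolve(root, path), safe_resolve(root, path))
        return root, results


if __name__ == "__main__":
    root, results = demo()
    print("document root:", root)
    for path, (naive, safe) in results.items():
        print(f"{path!r}: naive={naive!r} safe={safe!r}")
```

With `safe_resolve`, the double-slash request maps to a non-existent `etc/passwd` below the document root, and the `..` request is rejected outright.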
Comment 1 Aeliya Grevnyov 2009-06-23 22:10:54 MSD
Duplicate.

*** This bug has been marked as a duplicate of bug 20379 ***