MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MLdonkey <= 2.9.7 HTTP DOUBLE SLASH Arbitrary File Disclosure Vuln
# Published : 2009-02-23
# Author : Michael Peselnik
# Previous Title : Optus/Huawei E960 HSDPA Router SMS XSS Attack
# Next Title : MS Internet Explorer 7 Memory Corruption Exploit (MS09-002) (xp sp2)

MLdonkey (up to 2.9.7) has  a  vulnerability  that allows remote user to access any
file   with   rights   of  running  Mldonkey  daemon  by  supplying  a
special-crafted  request  (ok,  there's  not much special about double
slash) to an Mldonkey http GUI (tcp/4080 usually).

Reference:
https://savannah.nongnu.org/bugs/?25667

Thus, the exploit would be as simple as accessing any file on a remote
host with your browser and double slash:

http://mlhost:4080//etc/passwd

# www.Syue.com [2009-02-23]