header-logo
Suggest Exploit
vendor:
MP3Mystic Server
by:
SecurityFocus
4.3
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: MP3Mystic Server
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: CVE-2001-0753
CPE: o:jason_rahaim:mp3mystic_server:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2001

Directory Traversal Vulnerability in MP3Mystic Server

A vulnerability exists in Jason Rahaim's MP3Mystic Server which allows a remote user to traverse the directories of a target host. This may lead to the disclosure of file and directory contents. Arbitrary directories can be accessed through the inclusion of double dot '../' sequences when submitting a URL.

Mitigation:

Upgrade to the latest version of MP3Mystic Server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2699/info

A vulnerability exists in Jason Rahaim's MP3Mystic Server which allows a remote user to traverse the directories of a target host. This may lead to the disclosure of file and directory contents. Arbitrary directories can be accessed through the inclusion of double dot '../' sequences when submitting a URL. 

www.example.com/../scandisk.log