header-logo
Suggest Exploit
vendor:
MLdonkey
by:
milw0rm.com
6.4
CVSS
MEDIUM
Remote File Access Vulnerability
N/A
CWE
Product Name: MLdonkey
Affected Version From: 2.9.2007
Affected Version To: 2.9.2007
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

MLdonkey (up to 2.9.7) Remote File Access Vulnerability

MLdonkey (up to 2.9.7) has a vulnerability that allows remote user to access any file with rights of running Mldonkey daemon by supplying a special-crafted request (ok, there's not much special about double slash) to an Mldonkey http GUI (tcp/4080 usually). Thus, the exploit would be as simple as accessing any file on a remote host with your browser and double slash: http://mlhost:4080//etc/passwd

Mitigation:

N/A
Source

Exploit-DB raw data:

MLdonkey (up to 2.9.7) has  a  vulnerability  that allows remote user to access any
file   with   rights   of  running  Mldonkey  daemon  by  supplying  a
special-crafted  request  (ok,  there's  not much special about double
slash) to an Mldonkey http GUI (tcp/4080 usually).

Reference:
https://savannah.nongnu.org/bugs/?25667

Thus, the exploit would be as simple as accessing any file on a remote
host with your browser and double slash:

http://mlhost:4080//etc/passwd

# milw0rm.com [2009-02-23]

Navigation

Suggest Exploit

Services By CQR