Vulnerability category: Web server
Vulnerability level:
Vulnerability Information
MP3Mystic is a Web server designed to serve MP3 files via any browser. MP3Mystic is provided by Jason Rahaim of Mp3Mystic.com.
Remote users can gain read access to the directories where MP3Mystic Server has been installed. By including double-dot '../' sequences in a submitted URL, a remote user could cause arbitrary directories and files to be disclosed, potentially compromising the privacy of user data and/or allowing a malicious user to obtain information that could be used to further undermine the host's security.
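The check a file-serving web server needs in order to refuse such requests, shown as an added example (it is not MP3Mystic's code or its fix). The function name, the `htdocs` document root and the sample request paths are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(Exception):
    """Raised when a request path resolves outside the document root."""


def resolve_request_path(doc_root: str, url_path: str) -> str:
    """Map a URL path to a file under doc_root, or raise TraversalError.

    Hypothetical helper for illustration; not taken from MP3Mystic.
    """
    root = os.path.realpath(doc_root)
    # Decode percent-escapes first so an encoded '../' is seen as '../'.
    decoded = unquote(url_path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators too, then make the path relative.
    relative = decoded.replace("\\", "/").lstrip("/")
    # realpath collapses '..' and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different Windows drives
        inside = False
    if not inside:
        raise TraversalError(f"{url_path!r} escapes the document root")
    return candidate


def check_samples() -> dict:
    """Run constructed request paths against a throwaway document root."""
    samples = ["/music/track01.mp3", "/music/../music/track01.mp3",
               "/../../etc/passwd", "/music/%2e%2e/%2e%2e/secret.txt",
               "/music/..\\..\\boot.ini"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "htdocs")
        os.makedirs(os.path.join(root, "music"))
        for path in samples:
            try:
                resolve_request_path(root, path)
                results[path] = "served"
            except TraversalError:
                results[path] = "rejected"
    return results
```

The comparison is made on the canonical path after decoding, so a request that uses '..' but stays inside the document root is still served, while one that leaves it is refused regardless of how the sequence was written.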
Impact
If successfully exploited, this vulnerability could lead to the disclosure of sensitive information, which could assist in further attacks against the host.
Solution
Jason Rahaim addressed this issue in MP3Mystic Version 1.04b3.
Patch:
Following are links for downloading patches to fix the vulnerabilities: