Exploit Database - Logo

RealServer 5.0/6.0/7.0 - Memory Contents Disclosure

EDB-ID: 20406 Author: CORE-SDI Published: 2000-11-16
CVE: CVE-2000-1181 Type: Remote Platform: Multiple
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source : http://www.securityfocus.com/bid/1957/info


RealServer is a popular streaming audio and video server from Real Networks.

A vulnerability exists in all versions of RealServer 7 and below that could allow a remote attacker to gain administrative rights and access to server information and data belonging to other user sessions. RealServer will pass random pieces of the server's runtime memory which may contain information on previous sessions including cookies, usernames, passwords and the port number where the administrative server listens. This can be achieved by passing a specific URL request to the server.


To gather exploitable information from the RealServer, issue the following URL request to the server:

http://targetserver/admin/includes/

Related Exploits

Trying to match CVEs (1): CVE-2000-1181
Trying to match OSVDBs (1): 453
Other Possible E-DB Search Terms: RealServer 5.0/6.0/7.0,  RealServer 5.0,  RealServer
Date D V Title Author
2010-08-07Download Exploit Code Verified RealServer - Describe Buffer Overflow (Metasploit)Metasploit
2002-12-20Download Exploit Code Verified RealServer 7-9 - Describe Buffer Overflow (Metasploit)H D Moore
2003-04-30Download Exploit Code Verified RealServer < 8.0.2 (Windows Platforms) - Remote ExploitJohnny Cybe...
Menu