[Full-disclosure] Re: directory traversal in SimpleCam 1.2
- To: <bugtraq@xxxxxxxxxxxxxxxxx>, <vuln@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <bugs@xxxxxxxxxxxxxxxxxxx>, <news@xxxxxxxxxxxxxx>, "Donato Ferrante" <fdonato@xxxxxxxxxxxxx>
- Subject: [Full-disclosure] Re: directory traversal in SimpleCam 1.2
- From: "pingywon" <pingywon@xxxxxxxxxxx>
- Date: Thu, 5 May 2005 21:22:39 -0400
What port does the webserver run on?
Can we assume 80? Or 8080? Or even 8000?
Also, can someone say what response the server has to a scan on that port that
it runs on?
~pingywon
----- Original Message -----
From: "Donato Ferrante" <fdonato@xxxxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>; <vuln@xxxxxxxxxxx>;
<full-disclosure@xxxxxxxxxxxxxxxxx>; <bugs@xxxxxxxxxxxxxxxxxxx>;
<news@xxxxxxxxxxxxxx>
Sent: Wednesday, May 04, 2005 1:33 PM
Subject: directory traversal in SimpleCam 1.2
>
> Donato Ferrante
>
>
> Application: SimpleCam
> http://www.deadpirate.com/
>
> Version: 1.2
>
> Bug: directory traversal
>
> Date: 04-May-2005
>
> Author: Donato Ferrante
> e-mail: fdonato@xxxxxxxxxxxxx
> web: www.autistici.org/fdonato
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> 1. Description
> 2. The bug
> 3. The code
> 4. The fix
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ----------------
> 1. Description:
> ----------------
>
> Vendor's Description:
>
> "SimpleCam is an easy to use webcam software product. It is designed
> for people who want to stream live video from their computers without
> paying a fortune or signing up for a service."
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------
> 2. The bug:
> ------------
>
> The program has a built-in webserver that is not able to manage
> patterns like "..\" in HTTP requests.
> So an attacker can go outside the document root assigned to the webserver
> and see/download all the files available on the remote system.
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> -------------
> 3. The code:
> -------------
>
> To test the vulnerability:
>
> http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------
> 4. The fix:
> ------------
>
> Bug fixed in version 1.3.
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
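
The class of bug reported in the advisory above, shown as an added example that is not part of the original thread and is not SimpleCam's code or its 1.3 fix: an unchecked join of the request path onto the document root, next to a resolver that canonicalizes Windows-style paths and refuses anything outside the root. DOC_ROOT, naive_resolve and safe_resolve are hypothetical names chosen for illustration.

```python
import ntpath
from urllib.parse import unquote

DOC_ROOT = r"C:\SimpleCam\www"  # hypothetical document root (assumption)


def naive_resolve(url_path):
    """Vulnerable pattern: glue the request path onto the root unchecked."""
    return DOC_ROOT + "\\" + unquote(url_path).lstrip("/")


def safe_resolve(url_path):
    """Return the absolute path if it stays under DOC_ROOT, else None."""
    decoded = unquote(url_path)              # handles %2e%2e%5c as well
    if "\x00" in decoded or ":" in decoded:  # NUL, drive letters, ADS
        return None
    # Treat both separators alike, then make the path relative to the root.
    rel = decoded.replace("/", "\\").lstrip("\\")
    root = ntpath.normpath(DOC_ROOT)
    candidate = ntpath.normpath(ntpath.join(root, rel))  # collapses "..\"
    root_cmp = ntpath.normcase(root)
    cand_cmp = ntpath.normcase(candidate)
    # Require the root itself or a path below "root\"; a bare prefix test
    # would also accept a sibling such as C:\SimpleCam\www2.
    if cand_cmp == root_cmp or cand_cmp.startswith(root_cmp + "\\"):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed request paths; the first follows the advisory's test URL.
    for p in ["/..\\..\\..\\..\\windows\\system.ini",
              "/%2e%2e%5c%2e%2e%5cwindows%5csystem.ini",
              "/..\\www2\\secret.txt",
              "/img/../index.html"]:
        print(f"{p!r:45} naive={ntpath.normpath(naive_resolve(p))!r} "
              f"safe={safe_resolve(p)!r}")
```

ntpath is used so the Windows path rules apply on any platform; a real server should additionally resolve symlinks and junctions on the target filesystem before the containment check.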