[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: directory traversal in SimpleCam 1.2

To: full-disclosure@xxxxxxxxxxxxxxxxx, pingywon@xxxxxxxxxxx
Subject: [Full-disclosure] Re: directory traversal in SimpleCam 1.2
From: Donato Ferrante <fdonato@xxxxxxxxxxxxx>
Date: Sat, 7 May 2005 12:24:21 +0200

> What port does the webserver run on?
>
> Can we assume 80 ? or 8080 ? or even 8000 ?

The webserver runs on 80.

>
> Also can someone say what reponse the server has to a scan on that port
> that it runs on
>
> ~pingywon
> ----- Original Message -----
> From: "Donato Ferrante" <fdonato@xxxxxxxxxxxxx>
> To: <bugtraq@xxxxxxxxxxxxxxxxx>; <vuln@xxxxxxxxxxx>;
> <full-disclosure@xxxxxxxxxxxxxxxxx>; <bugs@xxxxxxxxxxxxxxxxxxx>;
> <news@xxxxxxxxxxxxxx>
> Sent: Wednesday, May 04, 2005 1:33 PM
> Subject: directory traversal in SimpleCam 1.2
>
> >                            Donato Ferrante
> >
> >
> > Application:  SimpleCam
> >               http://www.deadpirate.com/
> >
> > Version:      1.2
> >
> > Bug:          directory traversal
> >
> > Date:         04-May-2005
> >
> > Author:       Donato Ferrante
> >               e-mail: fdonato@xxxxxxxxxxxxx
> >               web:    www.autistici.org/fdonato
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > 1. Description
> > 2. The bug
> > 3. The code
> > 4. The fix
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ----------------
> > 1. Description:
> > ----------------
> >
> > Vendor's Description:
> >
> > "SimpleCam is an easy to use webcam software product. It is designed
> > for people who want to stream live video from their computers without
> > paying a fortune or signing up for a service."
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ------------
> > 2. The bug:
> > ------------
> >
> > The program has a built-in webserver that is not able to manage
> > patterns like "..\" into http requests.
> > So an attacker can go out the document root assigned to the webserver
> > and see/download all the files available on the remote system.
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > -------------
> > 3. The code:
> > -------------
> >
> > To test the vulnerability:
> >
> > http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ------------
> > 4. The fix:
> > ------------
> >
> > Bug fixed in the version 1.3.
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-- 
Donato Ferrante
www.autistici.org/fdonato
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Paypal Phishing Again
Next by Date: [Full-disclosure] Re: [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow
Previous by thread: Re: [Full-disclosure] PWCK Overflow POC Code Redhat/Suse older versions or something (maybe later too)
Next by thread: [Full-disclosure] Ethereal <= 0.10.10 single UDP packet DoS
Index(es):
- Date
- Thread