lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 19 Dec 2003 19:30:29 +0000
From: Luigi Auriemma <aluigi@...ervista.org>
To: bugtraq@...urityfocus.com
Subject: Directory traversal and XSS in Active Webcam <= 4.3



#######################################################################

                             Luigi Auriemma

Application:  Active Webcam
              http://www.pysoft.com/ActiveWebCamMainpage.htm
Versions:     <= 4.3 before 17 Dec 2003
Platforms:    Windows
Bugs:         directory traversal and cross site scripting
Risk:         high
Exploitation: remote with browser
Date:         19 Dec 2003
Author:       Luigi Auriemma
              e-mail: aluigi@...ervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Active WebCam is a shareware program for capturing and sharing the
video streams from a lot of video devices.



#######################################################################

=======
2) Bugs
=======


The application has a built-in webserver to share the captured video
stream and it is vulnerable to a simple directory traversal (classical
"../" and "..\") letting an attacker to see and download all the files
in the remote system if he know their paths.

The second bug instead is a cross site scripting bug on error pages, in
fact the user's input is not filtered and is shown in the returned page
(example: "The requested URL /<script> was not found on this server.").



#######################################################################

===========
3) The Code
===========


A] Directory traversal bug:

http://server:8080/../../../windows/system.ini
http://server:8080/..\..\..\windows/system.ini


B] Cross site scripting:

http://server:8080/<script>alert('XSS example');</script>



#######################################################################

======
4) Fix
======


The vendor has quickly released a patched package but the version
number has not been changed and there are no news on the website about
the new package.
That means the users can't know that exists a new version of the
program and moreover that the new version fixes important bugs.

The new version has been released exactly the 17 Dec 2003 so all the
previous versions are vulnerables.
The only three methods to know if the own version is the old are to
test it or to check if the size of WebCam.exe version 4.3 is 1438720
bytes (size of the patched executable) or simply checking its date.



#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ