lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon Apr 18 22:45:10 2005
From: se_cur_ity at hotmail.com (Morning Wood)
Subject: WebcamXP

------------------------------------------------------------
     - EXPL-A-2005-005 exploitlabs.com Advisory 034 -
------------------------------------------------------------
                         - WebcamXP -



OVERVIEW
========
webcamXP is one of the most popular webcam software for private
and professional use. it offers unique features and unequaled
ease of use to let you broadcast / manage your video sources or
secure your company with up to 10 video sources per computer.



AFFECTED PRODUCTS
=================
webcamXP PRO v2.16.468 and below



DETAILS
=======
1.
A vulnerability in WebcamXP allows malicious attackers to redirect
chat users login to any URL they wish. This allows the attacker to
force the chat users to the site of the attackers choosing.

2.
By submitting a long user name in chat, an attacker can render the
chat feature unuseable in that the chat is pushed off of the frame
rendering the chatbox useless.




PROOF OF CONCEPT
================
1.
enter as a chat name any XSS like <iframe
src="http://whatismyip.com"></iframe>
all users are forceably redirected to the iframe url. ( other xss works
too )

2.
enter a username of extreme length. ( A x 128 )
the chatbox is moved over to give space to the username, disallowing further
input by existing users.



SOLUTION
========
Vendor contacted April 15, 2005
Patch / Update released April 18, 2005
webcamXP PRO v2.16.478
http://webcamxp.com




CREDITS
=======
This vulnerability was discovered and researched by
Donnie Werner of exploitlabs.com

Donnie Werner
se_cur_ity@...mail.com
wood@...loitlabs.com
morning_wood@...e-h.org
-- 
Web: http://exploitlabs.com
         http://zone-h.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ