[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050504173351.BF825158315@chernobyl.investici.org>
Date: Wed May  4 18:33:54 2005
From: fdonato at autistici.org (Donato Ferrante)
Subject: directory traversal in SimpleCam 1.2
                           Donato Ferrante
Application:  SimpleCam
              http://www.deadpirate.com/
Version:      1.2
Bug:          directory traversal
Date:         04-May-2005
Author:       Donato Ferrante
              e-mail: fdonato@...istici.org
              web:    www.autistici.org/fdonato
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Vendor's Description:
"SimpleCam is an easy to use webcam software product. It is designed
for people who want to stream live video from their computers without
paying a fortune or signing up for a service."
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The program has a built-in webserver that is not able to manage
patterns like "..\" into http requests.
So an attacker can go out the document root assigned to the webserver
and see/download all the files available on the remote system.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability:
http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
Bug fixed in the version 1.3.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Powered by blists - more mailing lists
 
