[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BAY104-DAV119D8A6FBC1B245A3009C8D01B0@phx.gbl>
Date: Fri May 6 02:24:53 2005
From: pingywon at hotmail.com (pingywon)
Subject: Re: directory traversal in SimpleCam 1.2
What port does the webserver run on?
Can we assume 80 ? or 8080 ? or even 8000 ?
Also can someone say what reponse the server has to a scan on that port that
it runs on
~pingywon
----- Original Message -----
From: "Donato Ferrante" <fdonato@...istici.org>
To: <bugtraq@...urityfocus.com>; <vuln@...unia.com>;
<full-disclosure@...ts.grok.org.uk>; <bugs@...uritytracker.com>;
<news@...uriteam.com>
Sent: Wednesday, May 04, 2005 1:33 PM
Subject: directory traversal in SimpleCam 1.2
>
> Donato Ferrante
>
>
> Application: SimpleCam
> http://www.deadpirate.com/
>
> Version: 1.2
>
> Bug: directory traversal
>
> Date: 04-May-2005
>
> Author: Donato Ferrante
> e-mail: fdonato@...istici.org
> web: www.autistici.org/fdonato
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> 1. Description
> 2. The bug
> 3. The code
> 4. The fix
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ----------------
> 1. Description:
> ----------------
>
> Vendor's Description:
>
> "SimpleCam is an easy to use webcam software product. It is designed
> for people who want to stream live video from their computers without
> paying a fortune or signing up for a service."
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------
> 2. The bug:
> ------------
>
> The program has a built-in webserver that is not able to manage
> patterns like "..\" into http requests.
> So an attacker can go out the document root assigned to the webserver
> and see/download all the files available on the remote system.
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> -------------
> 3. The code:
> -------------
>
> To test the vulnerability:
>
> http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
> ------------
> 4. The fix:
> ------------
>
> Bug fixed in the version 1.3.
>
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>
Powered by blists - more mailing lists