Message-ID: <200505071224.21523.fdonato@autistici.org>
Date: Sat May  7 11:20:57 2005
From: fdonato at autistici.org (Donato Ferrante)
Subject: Re: directory traversal in SimpleCam 1.2


> What port does the webserver run on?
>
> Can we assume 80 ? or 8080 ? or even 8000 ?

The webserver runs on 80.

>
> Also can someone say what response the server has to a scan on that port
> that it runs on
>
> ~pingywon
> ----- Original Message -----
> From: "Donato Ferrante" <fdonato@...istici.org>
> To: <bugtraq@...urityfocus.com>; <vuln@...unia.com>;
> <full-disclosure@...ts.grok.org.uk>; <bugs@...uritytracker.com>;
> <news@...uriteam.com>
> Sent: Wednesday, May 04, 2005 1:33 PM
> Subject: directory traversal in SimpleCam 1.2
>
> >                            Donato Ferrante
> >
> >
> > Application:  SimpleCam
> >               http://www.deadpirate.com/
> >
> > Version:      1.2
> >
> > Bug:          directory traversal
> >
> > Date:         04-May-2005
> >
> > Author:       Donato Ferrante
> >               e-mail: fdonato@...istici.org
> >               web:    www.autistici.org/fdonato
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > 1. Description
> > 2. The bug
> > 3. The code
> > 4. The fix
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ----------------
> > 1. Description:
> > ----------------
> >
> > Vendor's Description:
> >
> > "SimpleCam is an easy to use webcam software product. It is designed
> > for people who want to stream live video from their computers without
> > paying a fortune or signing up for a service."
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ------------
> > 2. The bug:
> > ------------
> >
> > The program has a built-in webserver that is not able to manage
> > patterns like "..\" into http requests.
> > So an attacker can go out the document root assigned to the webserver
> > and see/download all the files available on the remote system.
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > -------------
> > 3. The code:
> > -------------
> >
> > To test the vulnerability:
> >
> > http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ------------
> > 4. The fix:
> > ------------
> >
> > Bug fixed in the version 1.3.
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-- 
Donato Ferrante
www.autistici.org/fdonato
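
A containment check of the kind the bug in section 2 calls for, as an added example that is not part of the original post and is not SimpleCam's code. The function name and the document root `C:\SimpleCam\www` are assumptions, and the sample request targets are constructed.

```python
import ntpath  # Windows path rules, usable on any platform
from urllib.parse import unquote

DOC_ROOT = r"C:\SimpleCam\www"  # hypothetical document root


def resolve_request_path(doc_root, request_target):
    """Map an HTTP request target to a file under doc_root, or return None."""
    path = unquote(request_target.split("?", 1)[0])  # decode before checking
    # Reject NUL bytes and ':' (drive letters, alternate data streams).
    if "\x00" in path or ":" in path:
        return None
    # Windows accepts both separators, so '\' must be treated exactly like '/'.
    segments = [s for s in path.replace("\\", "/").split("/")
                if s not in ("", ".")]
    # Refuse "..", and segments of only dots/spaces that Windows may trim.
    if any(not s.strip(". ") for s in segments):
        return None
    root = ntpath.normpath(doc_root)
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    # Defence in depth: the normalized result must still sit under the root.
    prefix = ntpath.normcase(root).rstrip("\\") + "\\"
    inside = ntpath.normcase(candidate).startswith(prefix)
    if candidate != root and not inside:
        return None
    return candidate


if __name__ == "__main__":
    for target in ("/index.html",
                   "/img/./cam.jpg?t=1",
                   "/..\\..\\..\\windows\\system.ini"):
        print(repr(target), "->", resolve_request_path(DOC_ROOT, target))
```
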
