Full Disclosure mailing list archives
Re: directory traversal in SimpleCam 1.2
From: Donato Ferrante <fdonato () autistici org>
Date: Sat, 7 May 2005 12:24:21 +0200
What port does the webserver run on? Can we assume 80 ? or 8080 ? or even 8000 ?
The webserver runs on 80.
Also can someone say what reponse the server has to a scan on that port that it runs on ~pingywon ----- Original Message ----- From: "Donato Ferrante" <fdonato () autistici org> To: <bugtraq () securityfocus com>; <vuln () secunia com>; <full-disclosure () lists grok org uk>; <bugs () securitytracker com>; <news () securiteam com> Sent: Wednesday, May 04, 2005 1:33 PM Subject: directory traversal in SimpleCam 1.2Donato Ferrante Application: SimpleCam http://www.deadpirate.com/ Version: 1.2 Bug: directory traversal Date: 04-May-2005 Author: Donato Ferrante e-mail: fdonato () autistici org web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2. The bug 3. The code 4. The fix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ---------------- 1. Description: ---------------- Vendor's Description: "SimpleCam is an easy to use webcam software product. It is designed for people who want to stream live video from their computers without paying a fortune or signing up for a service." xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 2. The bug: ------------ The program has a built-in webserver that is not able to manage patterns like "..\" into http requests. So an attacker can go out the document root assigned to the webserver and see/download all the files available on the remote system. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------- 3. The code: ------------- To test the vulnerability: http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 4. The fix: ------------ Bug fixed in the version 1.3. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-- Donato Ferrante www.autistici.org/fdonato _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- directory traversal in SimpleCam 1.2 Donato Ferrante (May 04)
- Re: directory traversal in SimpleCam 1.2 pingywon (May 05)
- <Possible follow-ups>
- Re: directory traversal in SimpleCam 1.2 Donato Ferrante (May 07)