[Full-disclosure] directory traversal in SimpleCam 1.2

From: Donato Ferrante (fdonato_at_autistici.org)
Date: 05/04/05

    Date: Wed, 4 May 2005 17:33:51 -0000
    To: <bugtraq@securityfocus.com>, <vuln@secunia.com>, <full-disclosure@lists.grok.org.uk>, <bugs@securitytracker.com>, <news@securiteam.com>
    
    

                               Donato Ferrante

    Application: SimpleCam
                  http://www.deadpirate.com/

    Version: 1.2

    Bug: directory traversal

    Date: 04-May-2005

    Author: Donato Ferrante
                  e-mail: fdonato@autistici.org
                  web: www.autistici.org/fdonato

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    1. Description
    2. The bug
    3. The code
    4. The fix

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ----------------
    1. Description:
    ----------------

    Vendor's Description:

    "SimpleCam is an easy to use webcam software product. It is designed
    for people who want to stream live video from their computers without
    paying a fortune or signing up for a service."

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    2. The bug:
    ------------

    The program has a built-in web server that does not sanitize "..\"
    sequences in HTTP request paths.
    An attacker can therefore escape the document root assigned to the web
    server and read or download any file on the remote system.
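    The following is an added example, not code from the advisory or from
    SimpleCam, showing the difference between a request-path resolver that
    fails in the way described above and one that contains the result inside
    the document root. The document root, the hypothetical request strings and
    the function names are assumptions constructed for the example; the one
    traversal request reproduces the advisory's pattern.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed document root for the example; the advisory gives no path.
DOCROOT = "/srv/simplecam/www"

# The request pattern from the advisory (twelve "..\" segments, then the target).
ADVISORY_REQUEST = r"/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini"


def resolve_naive(docroot: str, request_path: str) -> str:
    """Vulnerable form: folds '\\' into '/' (as Windows file APIs do) and joins
    the request onto the root without checking that the result stays inside it.
    posixpath is used so the string logic behaves the same on every platform."""
    rel = request_path.replace("\\", "/").lstrip("/")
    return posixpath.normpath(posixpath.join(docroot, rel))


def resolve_safe(docroot: str, request_path: str) -> Optional[str]:
    """Hardened form: percent-decode until stable, fold '\\' into '/', collapse
    '.' and '..' segments, then require the result to lie under the document
    root. Returns the filesystem path, or None when the request must be rejected."""
    decoded = request_path
    # Decode repeatedly so double-encoded sequences such as %252e are caught.
    while True:
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    # A NUL byte can truncate the path in lower-level file APIs; refuse it outright.
    if "\x00" in decoded:
        return None
    rel = decoded.replace("\\", "/").lstrip("/")
    candidate = posixpath.normpath(posixpath.join(docroot, rel))
    root = posixpath.normpath(docroot)
    # The trailing "/" matters: it stops "/srv/simplecam/www2" from passing a
    # plain prefix check against "/srv/simplecam/www".
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def compare(request_path: str) -> dict:
    """Run both resolvers on one request; handy for eyeballing the difference."""
    return {
        "request": request_path,
        "naive": resolve_naive(DOCROOT, request_path),
        "safe": resolve_safe(DOCROOT, request_path),
    }


if __name__ == "__main__":
    for req in (
        "/index.html",
        "/images/../index.html",
        ADVISORY_REQUEST,
        "/%2e%2e%5cwindows%5csystem.ini",  # constructed percent-encoded variant
    ):
        print(compare(req))
```

    With the advisory's request the naive resolver yields /windows/system.ini,
    a path outside the root, while the hardened resolver returns None and the
    server should answer 403 or 404. Requests that use ".." but stay inside the
    root (such as /images/../index.html) are still served, which is the
    behaviour a containment check, rather than a blunt ".." filter, gives you.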

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    -------------
    3. The code:
    -------------

    To test the vulnerability:

    http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    4. The fix:
    ------------

    Bug fixed in version 1.3.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

