[NT] SimpleCam Directory Traversal

• Previous message: SecuriTeam: "[NT] WinFTP Server Clear Text Passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 5 May 2005 19:39:08 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  SimpleCam Directory Traversal
------------------------------------------------------------------------

SUMMARY

" <http://www.deadpirate.com/> SimpleCam is an easy to use webcam software
product. It is designed for people who want to stream live video from
their computers without paying a fortune or signing up for a service."

The web server supplied with SimpleCam is vulnerable to a directory
traversal vulnerability, allowing unauthorized access to systems
information outside of web folder.

DETAILS

Vulnerable Systems:
 * SimpleCam version 1.2 and prior

Immune Systems:
 * SimpleCam version 1.3

The program has a built-in web server that is not able to manage patterns
like "..\" into the HTTP request. Therefore, an attacker can go out of the
document root assigned to the web server and see/download all the files
available on the remote machine.

To test the vulnerability, try accessing the following URL:
http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini

ADDITIONAL INFORMATION

The information has been provided by <mailto:fdonato@autistici.org>
Donato Ferrante.
The original article can be found at:
<http://www.autistici.org/fdonato/advisory/SimpleCam1.2-adv.txt>
http://www.autistici.org/fdonato/advisory/SimpleCam1.2-adv.txt

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[NT] WinFTP Server Clear Text Passwords"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]