What port does the webserver run on? Can we assume 80 ? or 8080 ? or even 8000 ?
Also can someone say what reponse the server has to a scan on that port that it runs on ~pingywon ----- Original Message ----- From: "Donato Ferrante" <[EMAIL PROTECTED]> To: <[email protected]>; <[EMAIL PROTECTED]>; <[email protected]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, May 04, 2005 1:33 PM Subject: directory traversal in SimpleCam 1.2 > > Donato Ferrante > > > Application: SimpleCam > http://www.deadpirate.com/ > > Version: 1.2 > > Bug: directory traversal > > Date: 04-May-2005 > > Author: Donato Ferrante > e-mail: [EMAIL PROTECTED] > web: www.autistici.org/fdonato > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > 1. Description > 2. The bug > 3. The code > 4. The fix > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > ---------------- > 1. Description: > ---------------- > > Vendor's Description: > > "SimpleCam is an easy to use webcam software product. It is designed > for people who want to stream live video from their computers without > paying a fortune or signing up for a service." > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > ------------ > 2. The bug: > ------------ > > The program has a built-in webserver that is not able to manage > patterns like "..\" into http requests. > So an attacker can go out the document root assigned to the webserver > and see/download all the files available on the remote system. > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > ------------- > 3. The code: > ------------- > > To test the vulnerability: > > http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > ------------ > 4. The fix: > ------------ > > Bug fixed in the version 1.3. > > > > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
