> What port does the webserver run on?
>
> Can we assume 80 ? or 8080 ? or even 8000 ?

The webserver runs on 80.

>
> Also can someone say what response the server has to a scan on that port
> that it runs on
>
> ~pingywon
> ----- Original Message -----
> From: "Donato Ferrante" <[EMAIL PROTECTED]>
> To: <[email protected]>; <[EMAIL PROTECTED]>;
> <[email protected]>; <[EMAIL PROTECTED]>;
> <[EMAIL PROTECTED]>
> Sent: Wednesday, May 04, 2005 1:33 PM
> Subject: directory traversal in SimpleCam 1.2
>
>
> > Donato Ferrante
> >
> >
> > Application: SimpleCam
> > http://www.deadpirate.com/
> >
> > Version: 1.2
> >
> > Bug: directory traversal
> >
> > Date: 04-May-2005
> >
> > Author: Donato Ferrante
> > e-mail: [EMAIL PROTECTED]
> > web: www.autistici.org/fdonato
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > 1. Description
> > 2. The bug
> > 3. The code
> > 4. The fix
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ----------------
> > 1. Description:
> > ----------------
> >
> > Vendor's Description:
> >
> > "SimpleCam is an easy to use webcam software product. It is designed
> > for people who want to stream live video from their computers without
> > paying a fortune or signing up for a service."
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ------------
> > 2. The bug:
> > ------------
> >
> > The program has a built-in webserver that is not able to manage
> > patterns like "..\" into http requests.
> > So an attacker can go out the document root assigned to the webserver
> > and see/download all the files available on the remote system.
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > -------------
> > 3. The code:
> > -------------
> >
> > To test the vulnerability:
> >
> > http://[host]/..\..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > ------------
> > 4. The fix:
> > ------------
> >
> > Bug fixed in the version 1.3.
> >
> >
> >
> > xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

--
Donato Ferrante
www.autistici.org/fdonato
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
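
Added example, not part of the thread and not SimpleCam's code or the vendor's 1.3 fix: a Python illustration of why a filter that only looks for "../" misses the "..\" form described in the advisory, next to a containment check that normalizes first. The document root, the function names and the use of `ntpath` to model Windows path handling are assumptions made for the example.

```python
import ntpath                      # Windows path rules, usable on any OS
from urllib.parse import unquote

DOC_ROOT = r"C:\SimpleCam\www"     # constructed document root (assumption)

# Request path from the advisory's test URL (everything after the host).
ADVISORY_PATH = "/" + "..\\" * 12 + "windows\\system.ini"


def naive_resolve(url_path, root=DOC_ROOT):
    """Weak check: only recognises the forward-slash traversal form."""
    if "../" in url_path:
        return None
    return ntpath.normpath(ntpath.join(root, url_path.lstrip("/")))


def safe_resolve(url_path, root=DOC_ROOT):
    """Return the file path to serve, or None if it would leave the root."""
    decoded = unquote(url_path)    # so %2e%2e%5c is seen as ..\
    if "\x00" in decoded:
        return None
    # Windows accepts both separators, so treat "\" exactly like "/".
    relative = decoded.replace("\\", "/").lstrip("/")
    # A drive letter would make join() discard the document root.
    if ntpath.splitdrive(relative)[0]:
        return None
    candidate = ntpath.normpath(ntpath.join(root, relative))
    # Compare after normalisation: case-insensitive, single separator style.
    root_key = ntpath.normcase(ntpath.normpath(root))
    cand_key = ntpath.normcase(candidate)
    if cand_key != root_key and not cand_key.startswith(root_key + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    for path in (ADVISORY_PATH, "/%2e%2e%5cwindows%5csystem.ini",
                 "/index.html", "/img/../index.html"):
        print(f"{path!r:70} naive={naive_resolve(path)!r} "
              f"safe={safe_resolve(path)!r}")
```

The decision is made on the normalized result rather than on the raw request string, so the check does not depend on enumerating every spelling of a parent-directory reference.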
