Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5560
HistoryDec 22, 2003 - 12:00 a.m.

Directory traversal and XSS in Active Webcam <= 4.3

2003-12-2200:00:00
vulners.com
11
JSON

#######################################################################

                         Luigi Auriemma

Application: Active Webcam
http://www.pysoft.com/ActiveWebCamMainpage.htm
Versions: <= 4.3 before 17 Dec 2003
Platforms: Windows
Bugs: directory traversal and cross site scripting
Risk: high
Exploitation: remote with browser
Date: 19 Dec 2003
Author: Luigi Auriemma
e-mail: [email protected]
web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bugs
3) The Code
4) Fix

#######################################################################

===============
1) Introduction

Active WebCam is a shareware program for capturing and sharing the
video streams from a lot of video devices.

#######################################################################

=======
2) Bugs

The application has a built-in webserver to share the captured video
stream and it is vulnerable to a simple directory traversal (classical
"…/" and "…\") letting an attacker to see and download all the files
in the remote system if he know their paths.

The second bug instead is a cross site scripting bug on error pages, in
fact the user's input is not filtered and is shown in the returned page
(example: "The requested URL /<script> was not found on this server.").

#######################################################################

===========
3) The Code

A] Directory traversal bug:

http://server:8080/../../../windows/system.ini
http://server:8080/..&#92;..&#92;..&#92;windows/system.ini

B] Cross site scripting:

http://server:8080/&lt;script&gt;alert&#40;&#39;XSS example');</script>

#######################################################################

======
4) Fix

The vendor has quickly released a patched package but the version
number has not been changed and there are no news on the website about
the new package.
That means the users can't know that exists a new version of the
program and moreover that the new version fixes important bugs.

The new version has been released exactly the 17 Dec 2003 so all the
previous versions are vulnerables.
The only three methods to know if the own version is the old are to
test it or to check if the size of WebCam.exe version 4.3 is 1438720
bytes (size of the patched executable) or simply checking its date.

#######################################################################

Luigi Auriemma
http://aluigi.altervista.org

JSON