Full Disclosure mailing list archives
WebcamXP
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Mon, 18 Apr 2005 14:45:01 -0700
------------------------------------------------------------ - EXPL-A-2005-005 exploitlabs.com Advisory 034 - ------------------------------------------------------------ - WebcamXP - OVERVIEW ======== webcamXP is one of the most popular webcam software for private and professional use. it offers unique features and unequaled ease of use to let you broadcast / manage your video sources or secure your company with up to 10 video sources per computer. AFFECTED PRODUCTS ================= webcamXP PRO v2.16.468 and below DETAILS ======= 1. A vulnerability in WebcamXP allows malicious attackers to redirect chat users login to any URL they wish. This allows the attacker to force the chat users to the site of the attackers choosing. 2. By submitting a long user name in chat, an attacker can render the chat feature unuseable in that the chat is pushed off of the frame rendering the chatbox useless. PROOF OF CONCEPT ================ 1. enter as a chat name any XSS like <iframe src="http://whatismyip.com"></iframe> all users are forceably redirected to the iframe url. ( other xss works too ) 2. enter a username of extreme length. ( A x 128 ) the chatbox is moved over to give space to the username, disallowing further input by existing users. SOLUTION ======== Vendor contacted April 15, 2005 Patch / Update released April 18, 2005 webcamXP PRO v2.16.478 http://webcamxp.com CREDITS ======= This vulnerability was discovered and researched by Donnie Werner of exploitlabs.com Donnie Werner se_cur_ity () hotmail com wood () exploitlabs com morning_wood () zone-h org -- Web: http://exploitlabs.com http://zone-h.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- WebcamXP Morning Wood (Apr 18)