Full Disclosure mailing list archives
directory traversal in Yawcam 0.2.5
From: "Donato Ferrante" <fdonato () autistici org>
Date: Thu, 21 Apr 2005 14:25:20 -0000
Donato Ferrante Application: Yawcam http://www.yawcam.com Version: 0.2.5 Bug: directory traversal Date: 21-Apr-2005 Author: Donato Ferrante e-mail: fdonato () autistici org web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2. The bug 3. The code 4. The fix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ---------------- 1. Description: ---------------- Vendor's Description: "Yawcam is a webcam software for windows". xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 2. The bug: ------------ The program has a built-in webserver that by default is able to avoid malicious patterns like "/../" but it's not able to manage patterns like "..\" or "\..\" into raw http requests. So an attacker can go out the document root assigned to the webserver and see/download all the files available on the remote system. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------- 3. The code: ------------- To test the vulnerability, connect to the webserver and send a raw request like: GET ..\..\..\..\..\..\..\..\windows\system.ini HTTP/1.0 or: GET \..\..\..\..\..\..\..\..\windows\system.ini HTTP/1.0 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 4. The fix: ------------ Vendor was contacted. Bug will be probably fixed in the next release. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- directory traversal in Yawcam 0.2.5 Donato Ferrante (Apr 21)