Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

InnoMedia VideoPhone Authorization Bypass

From: "Rafel Ivgi, The-Insider" <theinsider () 012 net il>
Date: Sat, 28 Feb 2004 14:27:49 +0200
#######################################################################

Application:   InnoMedia VideoPhone
Server:            GoAhead-Webs
Vendors:         InnoMedia Pte Ltd
                         GoAhead Ltd
                         http://www.innomedia.com/
                         http://www.goahead.com/
Versions:        au75200xvi04010x
Platforms:       Windows
Bug:                Authorization Bypass
Risk:                High
Exploitation:   remote with browser
Date:               25 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider () mail com
web:                http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bugs
3) The Code

#######################################################################

===============
1) Introduction
===============

The AXIS 2100 Network Camera offers crisp, quality images and streaming
video
from anywhere on your network. It lets you keep a close eye on the world
around
you, or show your part of it through the Web.

With a built-in high performance Web server, no PC is required. The network
camera
can operate as a standalone or be placed wherever there is a LAN or Internet
connection,
or an available modem.

#######################################################################

======
2) Bug
======

Browsing the server normally
http://<host>/
Will show some info about the server.
The server's menu appears on the left side and contains a few links
to protected files, which setup the server's settings/configuration.
When refering to any of the menu's "protected" links, such as:
http://<host>/videophone_admindetail.asp
A "Basic Authorization" request pops up.
This authorization can be easily bypassed by refering to the same file as a
folder.
http://<host>/videophone_admindetail.asp/

#######################################################################

===========
3) The Code
===========

http://<host>/videophone_admindetail.asp/
http://<host>/videophone_syscfg.asp/
http://<host>/videophone_upgrade.asp/
http://<host>/videophone_sysctrl.asp/

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."
Previous By Date Next
Previous By Thread Next

Current thread: