yawcam025.txt

2005-06-01T00:00:00
ID PACKETSTORM:37809
Type packetstorm
Reporter Donato Ferrante
Modified 2005-06-01T00:00:00

Description

                                        
                                            `  
Donato Ferrante  
  
  
Application: Yawcam  
http://www.yawcam.com  
  
Version: 0.2.5  
  
Bug: directory traversal  
  
Date: 21-Apr-2005  
  
Author: Donato Ferrante  
e-mail: fdonato@autistici.org  
web: www.autistici.org/fdonato  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
1. Description  
2. The bug  
3. The code  
4. The fix  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
----------------  
1. Description:  
----------------  
  
Vendor's Description:  
  
"Yawcam is a webcam software for windows".  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
------------  
2. The bug:  
------------  
  
The program has a built-in webserver that by default is able to avoid  
malicious patterns like "/../" but it's not able to manage patterns  
like "..\" or "\..\" into raw http requests.  
So an attacker can go out the document root assigned to the webserver  
and see/download all the files available on the remote system.  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
-------------  
3. The code:  
-------------  
  
To test the vulnerability, connect to the webserver and send a raw  
request like:  
  
GET ..\..\..\..\..\..\..\..\windows\system.ini HTTP/1.0  
  
or:  
  
GET \..\..\..\..\..\..\..\..\windows\system.ini HTTP/1.0  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
  
------------  
4. The fix:  
------------  
  
Vendor was contacted.  
Bug will be probably fixed in the next release.  
  
  
  
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  
`