InnoMedia VideoPhone Authorization Bypass

Type securityvulns
Reporter Securityvulns
Modified 2004-03-01T00:00:00


Application: InnoMedia VideoPhone Server: GoAhead-Webs Vendors: InnoMedia Pte Ltd GoAhead Ltd Versions: au75200xvi04010x Platforms: Windows Bug: Authorization Bypass Risk: High Exploitation: remote with browser Date: 25 Dec 2003 Author: Rafel Ivgi, The-Insider e-mail: web:

1) Introduction 2) Bugs 3) The Code

=============== 1) Introduction ===============

The AXIS 2100 Network Camera offers crisp, quality images and streaming video from anywhere on your network. It lets you keep a close eye on the world around you, or show your part of it through the Web.

With a built-in high performance Web server, no PC is required. The network camera can operate as a standalone or be placed wherever there is a LAN or Internet connection, or an available modem.

====== 2) Bug ======

Browsing the server normally http://<host>/ Will show some info about the server. The server's menu appears on the left side and contains a few links to protected files, which setup the server's settings/configuration. When refering to any of the menu's "protected" links, such as: http://<host>/videophone_admindetail.asp A "Basic Authorization" request pops up. This authorization can be easily bypassed by refering to the same file as a folder. http://<host>/videophone_admindetail.asp/

=========== 3) The Code ===========

http://<host>/videophone_admindetail.asp/ http://<host>/videophone_syscfg.asp/ http://<host>/videophone_upgrade.asp/ http://<host>/videophone_sysctrl.asp/

Rafel Ivgi, The-Insider

"Things that are unlikeable, are NOT impossible."