#######################################################################

                             Luigi Auriemma

Application:  Active Webcam
              http://www.pysoft.com/ActiveWebCamMainpage.htm
Versions:     <= 4.3 before 17 Dec 2003
Platforms:    Windows
Bugs:         directory traversal and cross site scripting
Exploitation: remote with browser
Date:         19 Dec 2003
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Active WebCam is a shareware program for capturing and sharing the
video streams from a lot of video devices.


#######################################################################

=======
2) Bugs
=======


The application has a built-in webserver to share the captured video
stream, and it is vulnerable to a simple directory traversal (the
classical "../" and "..\") that lets an attacker see and download any
file on the remote system if he knows its path.

The second bug is a cross site scripting bug on error pages: the
user's input is not filtered and is shown in the returned page
(example: "The requested URL /


#######################################################################

======
4) Fix
======


The vendor has quickly released a patched package, but the version
number has not been changed and there is no news on the website about
the new package. That means users cannot know that a new version of the
program exists, nor that the new version fixes important bugs.

The new version was released exactly on 17 Dec 2003, so all the
previous versions are vulnerable.

The only three ways to know whether your version is the old one are to
test it, to check whether the size of WebCam.exe version 4.3 is 1438720
bytes (the size of the patched executable), or simply to check its
date.

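The two bug classes in section 2 are the usual ones for a small embedded
webserver: a request path joined onto the document root without checking
that the result stays inside it, and an error page that echoes the
request back unescaped. The Python below is an added example, not code
from the original advisory or from Active WebCam, showing how a handler
mitigates both: it decodes and normalises the requested path (treating
"\" as a separator, since the advisory notes "..\" works on Windows) and
rejects anything that resolves outside the document root, and it
HTML-escapes the URL before reflecting it on the error page. The
document root "/srv/webcam/www" and the page wording are constructed
values.

```python
"""Added example (not Active WebCam's code): safe path resolution and
escaped error pages for an embedded HTTP file server."""
import html
import os
import posixpath
import urllib.parse

# Constructed document root; Active WebCam's real layout is not known here.
DOCROOT = "/srv/webcam/www"


def resolve_request_path(docroot, request_path):
    """Map an HTTP request path onto a file under docroot.

    Returns the filesystem path, or None when the request would escape
    docroot. Percent-encoding is decoded first so "%2e%2e%2f" is seen as
    "../", and backslashes are treated as separators so "..\\" is caught
    as well as "../".
    """
    decoded = urllib.parse.unquote(request_path)
    if "\x00" in decoded:
        # A NUL byte would truncate the name in a C-based server.
        return None
    decoded = decoded.replace("\\", "/").lstrip("/")
    # normpath collapses "a/../b" and "./" but keeps leading ".." segments,
    # which is exactly what lets the containment check below catch them.
    normalized = posixpath.normpath(decoded)
    if os.path.isabs(normalized) or os.path.splitdrive(normalized)[0]:
        # Absolute or drive-qualified names would reset os.path.join.
        return None
    root = os.path.normpath(docroot)
    candidate = os.path.normpath(os.path.join(root, normalized))
    # Containment check: the resolved file must be docroot itself or
    # something strictly beneath it (separator-aware, so "/srv/webcam/www2"
    # is not mistaken for a child of "/srv/webcam/www").
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def error_page(request_path):
    """Build a 404 body that reflects the requested URL without XSS.

    html.escape turns <, >, &, " and ' into entities, so script markup in
    the request is rendered as text instead of being executed.
    """
    safe = html.escape(request_path, quote=True)
    return ("<html><body>The requested URL %s was not found."
            "</body></html>" % safe)


def handle(request_path):
    """Tiny dispatcher tying the two checks together."""
    target = resolve_request_path(DOCROOT, request_path)
    if target is None:
        return 403, error_page(request_path)
    return 200, target


if __name__ == "__main__":
    for p in ("/cam.jpg", "/../../windows/win.ini",
              "/..\\..\\windows\\win.ini", "/<script>alert(1)</script>"):
        print(p, "->", handle(p))
```

Both checks run before any filesystem access, so a rejected request never
touches the disk. The containment test compares normalised absolute paths
rather than scanning the input for "..", which is the more reliable way
to stop traversal because it does not depend on enumerating every
encoding of the dot-dot sequence.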
#######################################################################