OwnServer10.txt

OwnServer10.txt: Posted Jan 21, 2004; Authored by Rafel Ivgi | Site theinsider.deep-ice.com; OwnServer, a web server used for watching security cameras remotely, is susceptible to a directory traversal bug that allows a remote attacker to gain access to files outside of the webroot.; tags | exploit, remote, web; SHA-256 | b32b6045df134cd7484a3ae7c2e8bfa669777d8d1b0a5b081d9961a173b87d02; Download | Favorite | View

OwnServer10.txt

#######################################################################

Application:    OwnServer (Used By Security Cameras Products)
Vendors:        http://www.anteco.co.il
Big Resellers:
                      http://www.anykeeper.com
                      http://www.sahar-systems.co.il

Versions:        <= 1.0
Platforms:       Windows
Bug:                Directory Transversal Vulnerability
Risk:                High
Exploitation:    Remote with browser
Date:               25 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider@mail.com
web:                http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bug
3) The Code

#######################################################################

===============
1) Introduction
===============


OwnServer is a web server used as a webserver for watching security cameras
remotly.
It allows broadcasting live streaming video on the web through the built-in
webserver.


#######################################################################

======
2) Bug
======

The webserver uses a protection to avoid the directory traversal bug.
"//"  is replaced to  ""
"\." and "\.."  is replaced to  ""
"\"  is replaced to  "/"
"\\"  is replaced to  "//"

The webserver uses no protection to avoid the directory traversal bug.
The problem happens when the attacker uses the classic pattern "/../" that
allows him to see and download any file in the remote system knowing the
path.
This allows any attacker to : Read and download any local file, and in most
cases retrieve the machine's password files and invade it (using
ssh,ftp,http,netbios,samba etc...).

#######################################################################

===========
3) The Code
===========

http://<host>/../../boot.ini
http://<host>/../../../boot.ini
http://<host>/../../../../boot.ini
http://<host>/../../../../../boot.ini
http://<host>/../../../../../../boot.ini

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

OwnServer10.txt

OwnServer10.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

OwnServer10.txt

Share This

OwnServer10.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems