DCAM WebCam Server Directory Traversal Vulnerability
24 Dec. 2003
Summary
DCAM WebCam server is an open source program written in Visual Basic that lets users capture live streaming video and broadcast it on the web through its built-in web server. A directory traversal vulnerability in the product allows remote attackers to download files that reside outside the web server's HTML root directory.
Credit:
The information has been provided by Luigi Auriemma.
Vulnerable systems:
* DCAM WebCam server version 8.2.5 and prior
Immune systems:
* DCAM WebCam server version 8.2.6
The web server built into DCAM uses a filter intended to prevent directory traversal. It can be seen in Form1.frm:
...
page = Replace(page, "..", "")
page = Replace(page, "./", "")
page = Replace(page, "/.", "")
page = Replace(page, "//", "")
page = Replace(page, "\", "")
...
The problem is that the replacements run once each, in a fixed order, on the raw request. The sequence ".\" contains none of "..", "./", "/." or "//", so the first four checks leave it untouched; only the last replacement (which strips the backslash) alters it, and by then the ".." check has already run and is never repeated on the rewritten string. An attacker who knows the path can therefore view and download any file on the remote system.
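The following is an added example (not code from the advisory or from DCAM) that mirrors the five replacements above in Python, shows that the filter's output for the advisory's test URL still contains the very ".." sequence the first check was meant to strip, and contrasts it with a root-confinement check based on path resolution. The document root "/srv/www" and the request strings are constructed for the example; whether the operating system accepts the filter's output as a traversal is left to the advisory's claim.

```python
import os

# The advisory's filter order, as seen in Form1.frm: each fixed substring is
# removed exactly once, left to right, and the earlier checks are never re-run.
BLOCKLIST = ("..", "./", "/.", "//", "\\")


def dcam_sanitize(page: str) -> str:
    """Single-pass blocklist, reproducing the vulnerable behaviour."""
    for bad in BLOCKLIST:
        page = page.replace(bad, "")
    return page


def leaves_blocked_sequence(page: str) -> bool:
    """True if the filter's own output still contains a blocked substring."""
    return any(bad in dcam_sanitize(page) for bad in BLOCKLIST)


def resolve_within_root(root: str, request_path: str):
    """Hardened alternative (added here, not DCAM's fix): resolve the request
    against the document root and refuse anything that escapes it.
    Returns the resolved path, or None if the request leaves the root."""
    # Windows treats backslash as a separator, so normalise it before joining;
    # strip leading separators so os.path.join cannot be reset to an absolute path.
    rel = request_path.replace("\\", "/").lstrip("/")
    root_abs = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_abs, rel))
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request strings: the advisory's test URL path and a plain ".." attempt.
    dcam_test_path = ".\\.\\.\\.\\/windows/system.ini"
    print(dcam_sanitize(dcam_test_path))               # "..../windows/system.ini"
    print(leaves_blocked_sequence(dcam_test_path))     # True: ".." survives
    print(resolve_within_root("/srv/www", "../../etc/passwd"))  # None: refused
    print(resolve_within_root("/srv/www", "index.html"))        # inside the root
```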
Exploit:
The following URLs can be used to test your server: http://server/.\.\.\.\/windows/system.ini or http://server/.\.\.\.\.\.\.\.\.\.\/windows/system.ini
Solution:
Upgrade to the latest version (version 8.2.6 or newer).