BugTraq
WebcamXP v1.06.945 Cross Site Scripting Vulnerabillity Jan 21 2004 06:03AM
Rafel Ivgi, The-Insider (theinsider 012 net il)
#######################################################################

Software: WebcamXP
Running Server: Indy/9.00.10
Vendor: http://www.webcamXP.com
Versions: 1.06.945
Platforms: Windows
Bug: Cross Site Scripting Vulnerabillity
Risk: Low
Exploitation: Remote with browser
Date: 21 Jan 2004
Author: Rafel Ivgi, The-Insider
e-mail: the_insider (at) mail (dot) com [email concealed]
web: http://theinsider.deep-ice.com

#######################################################################

1) Introduction
2) Bug
3) The Code

#######################################################################

===============
1) Introduction
===============

webcamXP is one of the most popular webcam software for private
and professional use. it offers unique features and unequaled ease
of use to let you broadcast / manage your video sources or secure
your company with up to 5 video sources per computer. the software
supports all video for windows / WDM sources and most file-based
or ip based sources.

#######################################################################

======
2) Bug
======

The Vulnerabillity is Cross Site Scripting type. If an attacker will
request the following url from the server
http://<host>/<script>alert('XSS')</script>
XSS appears and the server allows an attacker to inject & execute scripts.
XSS can be used to perform D.O.S attacks and actions against local users
using I.E vulnerablities.

Fix: Adding filtering engine to the server.
#######################################################################

===========
3) The Code
===========

http://<host>/<script>alert('XSS')</script>

#######################################################################

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Things that are unlikeable, are NOT impossible."

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus