Directory traversal vulnerability in Yawcam webcam server
===========================&# Directory traversal vulnerability in Yawcam webcam server
=========================================================
Overview
--------
Affected Versions: Yawcam 0.2.6 through 0.6.0
Patched Versions: Yawcam 0.6.1
Vendor: Yawcam
Vendor URL: http://www.yawcam.com
CVE: CVE-2017-17662
Credit: David Panter, Global Relay CSOC
Status: Public
Public disclosure URL: http://www.yawcam.com/news.php
Summary
-------
By sending a specially crafted HTTP GET request a remote attacker can read arbitrary files on the target computer under the privileges of the Yawcam software or service.
Product Description
-------------------
Yawcam is a free webcam software with an integrated HTTP server and wide variety of features.
Severity Rating: High
Vulnerability description
-------------------------
The Yamcam HTTP server contains a directory traversal vulnerability that allows attacker to read arbitrary files through a sequence in the form '.x./' or '....x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either or .. for example '../', '..../' or '..../'.
For files with no extension a single dot needs to be appended to ensure the HTTP server does not alter the request.
POC
---
By sending the following string to the Yawcam HTTP server we can read the hosts file from the target machine
"GET /../../../../../../../windows/system32/drivers/etc/hosts."
Timeline
--------
2017-12-12 Vulnerability discovered
2017-12-13 Vendor contacted
2017-12-13 CVE ID assigned
2017-12-15 Vendor reply
2017-12-18 Fixed version released
2017-12-18 Vendor disclosed vulnerability
Yawcam 0.6.0 Directory Traversal
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 335