Main Forums Links The Vault Misc Wallpapers Login

features post Articles (Articles) search files, exploits & links sections: Article ThemesArticlesArticles -> EncryptionArticles -> HardwareArticles -> HistoryArticles -> LinkArticles -> NetworkingArticles -> ProgrammingArticles -> SecurityArticles -> SoftwareBoxster's LifestyleHOW-TO -> *nixHOW-TO -> HardwareHOW-TO -> NetworkingHOW-TO -> ProgrammingHOW-TO -> WindowsInterviewsNew Order NewsletterOut of the boxReviews -> BooksReviews -> HardwareReviews -> SoftwareSite NewsTheme of the monthViews online chat  server:    irc.xor.cx  channel:    #neworder random article Zero Configuration Networking assassin007 Mar 3 2003 quotable quotes If you can't find a solution, try assuming that you have a solution and seeing what you can derive from that ("working backward"). George Pólya

InnoMedia VideoPhone Authorization Bypass @ Exploits -> Other     Feb 28 2004, 22:14 (UTC+0) furcalor writes: ####################################################################### Application: InnoMedia VideoPhone Server: GoAhead-Webs Vendors: InnoMedia Pte Ltd GoAhead Ltd http://www.innomedia.com/ http://www.goahead.com/ Versions: au75200xvi04010x Platforms: Windows Bug: Authorization Bypass Risk: High Exploitation: remote with browser Date: 25 Dec 2003 Author: Rafel Ivgi, The-Insider e-mail: the_insider@mail.com web: http://theinsider.deep-ice.com ####################################################################### 1) Introduction 2) Bugs 3) The Code ####################################################################### =============== 1) Introduction =============== The AXIS 2100 Network Camera offers crisp, quality images and streaming video from anywhere on your network. It lets you keep a close eye on the world around you, or show your part of it through the Web. With a built-in high performance Web server, no PC is required. The network camera can operate as a standalone or be placed wherever there is a LAN or Internet connection, or an available modem. ####################################################################### ====== 2) Bug ====== Browsing the server normally http:/// Will show some info about the server. The server's menu appears on the left side and contains a few links to protected files, which setup the server's settings/configuration. When refering to any of the menu's "protected" links, such as: http:///videophone_admindetail.asp A "Basic Authorization" request pops up. This authorization can be easily bypassed by refering to the same file as a folder. http:///videophone_admindetail.asp/ ####################################################################### =========== 3) The Code =========== http:///videophone_admindetail.asp/ http:///videophone_syscfg.asp/ http:///videophone_upgrade.asp/ http:///videophone_sysctrl.asp/ ####################################################################### --- Rafel Ivgi, The-Insider http://theinsider.deep-ice.com "Things that are unlikeable, are NOT impossible." read comments (0) / write comment printer-friendly version Top of page

powered by

The content, logo and design of this site is © 2008 by particular authors, the New Order team and Box Network ltd.
For more information about New Order contact Marek
The privacy policy statement for Box Network.