Create scenes made up of multiple sources including window captures, images, text, browser. High performance real time video/audio capturing and mixing. Download and start streaming quickly and easily on Windows, Mac or Linux. \ for example '.\./', '.\/' or '.\./'.įor files with no extension a single dot needs to be appended to ensure the HTTP server does not alter the request.īy sending the following string to the Yawcam HTTP server we can read the hosts file from the target machine Free and open source software for video recording and live streaming.
The Yamcam HTTP server contains a directory traversal vulnerability that allows attacker to read arbitrary files through a sequence in the form '.x./' or '.\x/' where x is a pattern composed of one or more (zero or more for the second pattern) of either \ or. For some reason magically it later also showed mjpg. At one point the options in yawcam only showed javacript or java applet. Yawcam is a free webcam software with an integrated HTTP server and wide variety of features. Depending on how its all set up, I got the stream set as Make sure your are using the latest version of Yawcam. Change Mirror Download Directory traversal vulnerability in Yawcam webcam serverĪffected Versions: Yawcam 0.2.6 through 0.6.0īy sending a specially crafted HTTP GET request a remote attacker can read arbitrary files on the target computer under the privileges of the Yawcam software or service.
0 kommentar(er)
