Summary
PHP Webcam Video Conferenceis prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Impact
A remote attacker can exploit this issue to obtain sensitive information that could aid in further attacks.
Solution
Upgrade to the new version ifrom the videowhisper vendor homepage.
Insight
Input of the 's' value in rtmp_login.php is not properly sanitized.
Detection
Send a HTTP GET request which tries to read a local file.
References
Updated on 2015-03-25
