Exploit in WebUI Media Player Classic allows access to private photos


It turns out that it is possible to steal photos from a computer within the same network via the web interface of Media Player Classic – Home Cinema. In order to do that, the WebUI function in MPC-HC must be turned on.

The WebUI function is used as an API by many Android and iOS apps to access remote control functions for MPC-HC within a local area network. The leak was discovered by a writer of the Tumblr blog 3vildata who was reviewing the source code of MPC-HC to get better at reading C++.

When the WebUI function is on, the media player listens for input on the external interfaces of the machine running the program. The web interface is a powerful tool: it is possible, for example, to open a simple file explorer, adjust the volume or turn off the computer completely. Files supported by MPC-HC can be opened via the interface. Since no authentication is required to operate the web interface, a malicious person within the same network can play pranks, such as playing a video, by controlling the media player via the CLI.

The author of the article notes that this can only be used for mischief, for example by attaching a network drive to the network and playing unwanted videos from it. It may be annoying that this is possible, but external content cannot be modified, and only file formats supported by MPC-HC can be opened by the browser.

However, it appears to be possible to take screenshots and export them to another machine via a function called OnSnapshotJpeg() on line 806 in WebClientSocket.cpp. The function takes a snapshot of what is currently displayed in MPC-HC. In this way it is possible to open pictures via MPC-HC and download them as /snapshot.jpg. A simple proof-of-concept script shows how this could be done.

The exploit was reported by the author to the MPC-HC team as early as May 5 this year, but despite a prompt response and the issue being given highest priority, nothing has been done to resolve it, according to the author. The developers say the team lacks the manpower to take a closer look at the problem. The information has been publicly available in MPC-HC's bug tracker since the report, prompting the author to dedicate a blog post to it. Abuse is easily prevented by disabling web interface access outside a trusted network.
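
To verify on your own machine whether the WebUI is listening on external interfaces, the following added example (not from the original article or the MPC-HC project) parses Windows `netstat -ano` output and flags listeners that are not bound to loopback. It assumes the WebUI runs on port 13579, MPC-HC's default; the netstat sample is constructed.

```python
import ipaddress

# Assumption: 13579 is the MPC-HC WebUI default port; change it if you
# configured a different port in the player's options.
WEBUI_PORT = 13579

# Constructed sample of `netstat -ano` output (not captured from a real host).
# On a real machine, pass the actual command output instead.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:13579          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:13579        127.0.0.1:50122        ESTABLISHED     4312
  TCP    [::]:13579             [::]:0                 LISTENING       4312
  TCP    [::1]:5939             [::]:0                 LISTENING       2210
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:80' or '[::]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def webui_listeners(netstat_text, port=WEBUI_PORT):
    """Return (address, pid, exposed) for each LISTENING socket on `port`."""
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 columns; this also skips the header row.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, local_port = split_endpoint(fields[1])
        except ValueError:
            continue  # unparsable address, ignore the row
        if local_port == port:
            # Anything other than 127.0.0.0/8 or ::1 is reachable from the LAN.
            results.append((str(addr), int(fields[4]), not addr.is_loopback))
    return results

def is_exposed(netstat_text, port=WEBUI_PORT):
    """True if any listener on `port` is bound to a non-loopback address."""
    return any(exposed for _, _, exposed in webui_listeners(netstat_text, port))

if __name__ == "__main__":
    for addr, pid, exposed in webui_listeners(SAMPLE_NETSTAT):
        status = "EXPOSED to network" if exposed else "loopback only"
        print(f"port {WEBUI_PORT} on {addr} (PID {pid}): {status}")
```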
