Vendor: ImgSvr
By:
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: ImgSvr
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

ImgSvr Directory Traversal Vulnerability

ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue occurs because the application fails to properly sanitize user-supplied URI data. A successful exploit may allow a remote attacker to access sensitive information that may be used to launch further attacks against a vulnerable system.

Mitigation:

Apply the latest patch or upgrade to a version that has fixed this vulnerability. Additionally, ensure that the application properly sanitizes user-supplied input to prevent directory traversal attacks.
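
One way to implement the input sanitization this mitigation calls for, given here as an added example and not ImgSvr's own code or a vendor fix: percent-decode the request path first, canonicalize it, and only then check that it is still inside the document root. `resolve_request_path`, `TraversalError` and `check` are hypothetical names, the document root is a throwaway temporary directory, and the two legitimate paths are constructed.

```python
import os
import tempfile
from urllib.parse import unquote

# Path portions of the two request URLs shown on this page.
PAGE_PATHS = [
    "/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini",
    "/%2f%2e%2e%2f%2f%2e%2e%2f/",
]
# Constructed legitimate requests; the second contains ".." but stays inside the root.
LEGIT_PATHS = ["/photos/cat%201.jpg", "/photos/%2e%2e/index.html"]


class TraversalError(Exception):
    """Request path resolves outside the document root."""


def resolve_request_path(doc_root: str, raw_path: str) -> str:
    """Map a raw, still percent-encoded URI path to a canonical path under doc_root."""
    decoded = unquote(raw_path)  # decode before checking, so %2e%2e%2f is seen as ../
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslash as a separator too (boot.ini implies a Windows host).
    relative = decoded.replace("\\", "/").lstrip("/")
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drive letters on Windows
        inside = False
    if not inside:
        raise TraversalError(f"{raw_path!r} escapes the document root")
    return candidate


def check(raw_paths):
    """Return {raw_path: "allowed" | "blocked"} against a throwaway document root."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for raw in raw_paths:
            try:
                resolve_request_path(root, raw)
                results[raw] = "allowed"
            except TraversalError:
                results[raw] = "blocked"
    return results


if __name__ == "__main__":
    for path, verdict in check(PAGE_PATHS + LEGIT_PATHS).items():
        print(f"{verdict:8} {path}")
```

The containment test runs on the canonical path, so a request that contains `..` but still resolves inside the root is served, while any encoding of a path that resolves outside it is rejected.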
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10048/info

To view a selected file:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini

To list a directory:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/