[UNIX] ImgSvr Directory Traversal
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 11 Jul 2007 14:28:51 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
ImgSvr Directory Traversal
------------------------------------------------------------------------
SUMMARY
<http://adaimgsvr.sourceforge.net/> ImgSvr is "a personal or corporate
Embedded Picture Web Server that let's you efficiently browse digital
pictures. Contrary to other gallery systems, imgsvr aimed to be an easy
and fully dynamic picture server, no static created thumbnails are
created". A vulnerability within the ImgSvr allows remote attackers to
access files that reside outside the bounding root directory of the web
server.
DETAILS
It is possible to pass a value in the template parameter of requests to
ImgSvr which causes arbitrary files to be returned from outside of the web
root as follows:
GET /?template=../../../../../../../../../../etc/passwd HTTP/1.0
Impact:
An attacker could cause access to arbitrary files.
ADDITIONAL INFORMATION
The information has been provided by Tim Brown - Portcullis Computer
Security Ltd.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [EXPL] Sun Java WebStart JNLP Stack Buffer Overflow (Exploit PoC)
- Next by Date: [EXPL] SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability
- Previous by thread: [EXPL] Sun Java WebStart JNLP Stack Buffer Overflow (Exploit PoC)
- Next by thread: [EXPL] SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability
- Index(es):
Relevant Pages
|
|
