TUCoPS :: Web :: Apps :: picservr.htm

Picserver - break out of web root 
Vulnerability

    Picserver

Affected

    Picserver

Description

    Joe Testa found following.  A vulnerability exists which allows  a
    remote user to break out of the web root using relative paths (ie:
    '..', '...'):

        http://localhost:7000/../[file outside web root]
        http://localhost:7000/.../[file outside web root]

Solution

    No quick fix is possible.  Information Management Specialists  was
    contacted.  No reply was received.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH