Bugtraq mailing list archives

Re: Webtrends HTTP Server %20 bug
From: Michael Grice <grice () binc net>
Date: Mon, 4 Jun 2001 12:30:52 -0500

* Auriemma Luigi <kaino3 () genie it> [010604 10:37] wrote:


The bug is really simple. If the attacker inserts an unicode space (%20)
after the script file, the server thinks that the file requested is not a
cgi script and for this it shows the source; this is an example:


And the result is the source of "remote_login.pl".


This also appears to be a bug in the web server shipped with 3.5. While
this worked as expected for the NT version, I was not able to duplicate
the problem with the Solaris or Linux versions.

Michael Grice <grice () berbee com>
Berbee Information Networks
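
An added example, not part of either message and not WebTrends code: a sketch of how a handler lookup that compares the raw file extension can disagree with the name the operating system actually opens, next to a check that rejects non-canonical names. It assumes the NT-only behaviour comes from Win32 dropping trailing spaces and dots when opening a file; the handler map, function names and request paths are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed handler map (assumption): extensions the server should execute.
CGI_EXTENSIONS = {".pl", ".cgi"}

def ext(name):
    """Return the lower-cased extension, including anything after the last dot."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def win32_open_name(name):
    """Assumed OS behaviour: trailing spaces and dots are dropped on open."""
    return name.rstrip(" .")

def requested_name(raw_path):
    """Percent-decode the request path and return its last component."""
    return unquote(raw_path).rsplit("/", 1)[-1]

def naive_dispatch(raw_path):
    # 'remote_login.pl ' has extension '.pl ', which is not in the handler
    # map, so the request falls through to the static file handler.
    name = requested_name(raw_path)
    return "execute" if ext(name) in CGI_EXTENSIONS else "serve-static"

def source_disclosed(raw_path):
    """True when the naive lookup serves as static a file the OS resolves to a script."""
    name = requested_name(raw_path)
    return (naive_dispatch(raw_path) == "serve-static"
            and ext(win32_open_name(name)) in CGI_EXTENSIONS)

def hardened_dispatch(raw_path):
    # Refuse any name the OS would rewrite, or that carries control
    # characters, so the handler decision and the file opened always agree.
    name = requested_name(raw_path)
    if win32_open_name(name) != name or any(ord(c) < 0x20 for c in name):
        return "reject"
    return "execute" if ext(name) in CGI_EXTENSIONS else "serve-static"

if __name__ == "__main__":
    # Constructed request paths; only the script name comes from the thread.
    for path in ("/remote_login.pl", "/remote_login.pl%20", "/index.html"):
        print(f"{path!r:24} naive={naive_dispatch(path):13} "
              f"disclosed={source_disclosed(path)!s:5} "
              f"hardened={hardened_dispatch(path)}")
```

On a filesystem that treats a trailing space as part of the name, the same request would simply fail to find the file, which matches the report that the Solaris and Linux versions did not reproduce the problem.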
