From: Michael Grice (grice binc.net)
Date: Mon Jun 04 2001 - 12:30:52 CDT
* Auriemma Luigi <kaino3 genie.it> [010604 10:37] wrote:
[...]
> The bug is really simple. If the attacker inserts a unicode space (%20)
> after the script file, the server thinks that the file requested is not a
> cgi script and for this it shows the source; this is an example:
>
> http://host/remote_login.pl%20
>
>
> And the result is the source of "remote_login.pl".
[...]
This also appears to be a bug in the web server shipped with 3.5. While
this worked as expected for the NT version, I was not able to duplicate
the problem with the Solaris or Linux versions.
Michael Grice <grice berbee.com>
Berbee Information Networks
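
A defender-side check for the request pattern described in this thread, as an added example that is not part of the original messages: it scans Common Log Format access-log lines for script paths followed only by encoded whitespace. The extension list, function names and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: extensions the server should execute and never return as text.
SCRIPT_EXTS = (".pl", ".cgi", ".php", ".asp")

# Request and status fields of a Common Log Format line.
CLF = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def padded_script_request(target):
    """Return the script path when the decoded URL path is a script name
    followed only by whitespace padding (the %20 case), else None."""
    path = unquote(target.split("?", 1)[0])  # ignore the query string
    stripped = path.rstrip()                 # drop trailing whitespace
    if stripped != path and stripped.lower().endswith(SCRIPT_EXTS):
        return stripped
    return None


def scan(lines):
    """Return (script, status, likely_disclosed) for each padded request.
    A 200 response is only a heuristic sign that source was returned."""
    hits = []
    for line in lines:
        m = CLF.search(line)
        if not m:
            continue
        script = padded_script_request(m.group("target"))
        if script:
            status = int(m.group("status"))
            hits.append((script, status, status == 200))
    return hits


# Constructed sample log lines (not taken from the original post).
SAMPLE = [
    '192.0.2.10 - - [04/Jun/2001:10:37:00 -0500] "GET /remote_login.pl%20 HTTP/1.0" 200 5120',
    '192.0.2.10 - - [04/Jun/2001:10:37:05 -0500] "GET /remote_login.pl HTTP/1.0" 200 812',
    '192.0.2.11 - - [04/Jun/2001:10:38:00 -0500] "GET /docs/read%20me.html HTTP/1.0" 200 300',
    '192.0.2.12 - - [04/Jun/2001:10:39:00 -0500] "GET /cgi-bin/search.cgi%20%20?q=a HTTP/1.0" 404 210',
    '192.0.2.13 - - [04/Jun/2001:10:40:00 -0500] "GET /remote_login.pl?user=a%20 HTTP/1.0" 200 812',
]

if __name__ == "__main__":
    for script, status, disclosed in scan(SAMPLE):
        print(f"{script} status={status} likely_disclosed={disclosed}")
```

The same normalisation (decode, strip trailing whitespace, then match the handler) is what a front-end filter would apply before the request reaches the script mapping.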