|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SHTTPD V1.38 server source code disclosure
imprili
gmail.com
Date: Sat Jun 23 2007 - 12:21:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
SHTTPD V1.38 server source code disclosure
------------------------------------
link:http://shttpd.sourceforge.net/
info: The vulnerability is caused due to a parser error of the filename
extension supplied by the user in the URL.
This can be exploited to retrieve the source code of script files.
POC: http://127.0.0.1/test.php%20
Bug Found By: Shay priel aka Prili - imprili[at]gmail.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]