MyServer-0.8.9 - source code disclosure

2007-06-21T00:00:00
ID SECURITYVULNS:DOC:17316
Type securityvulns
Reporter Securityvulns
Modified 2007-06-21T00:00:00

Description

The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files. Found By:Shay Priel aka Prili site: http://www.myserverproject.net/

poc:

http://localhost/cgi-bin/post.mscgI (I - capital letter)