SHTTPD V1.38 server source code disclosure

2007-06-26T00:00:00
ID SECURITYVULNS:DOC:17346
Type securityvulns
Reporter Securityvulns
Modified 2007-06-26T00:00:00

Description

SHTTPD V1.38 server source code disclosure

link:http://shttpd.sourceforge.net/

info: The vulnerability is caused due to a parser error of the filename

extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files.

POC: http://127.0.0.1/test.php%20

Bug Found By: Shay priel aka Prili - imprili[at]gmail.com