SHTTPD V1.38 server source code disclosure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

SHTTPD V1.38 server source code disclosure
------------------------------------
link:http://shttpd.sourceforge.net/

info: The vulnerability is caused due to a parser error of the filename 

extension supplied by the user in the URL.
This can be exploited to retrieve the source code of script files.

POC: http://127.0.0.1/test.php%20

Bug Found By: Shay priel aka Prili - imprili[at]gmail.com
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux