Bugtraq mailing list archives
Re: Webtrends HTTP Server %20 bug
From: Michael Grice <grice () binc net>
Date: Mon, 4 Jun 2001 12:30:52 -0500
* Auriemma Luigi <kaino3 () genie it> [010604 10:37] wrote: [...]
The bug is really simple. If the attacker insert an unicode space (%20) after the script file, the server think that the file requested is not a cgi script and for this it shown the source; this is an example: http://host/remote_login.pl%20 And the result is the source of "remote_login.pl".
[...] This also appears to be a bug in the web server shipped with 3.5. While this worked as expected for the NT version, I was not able to duplicate the problem with the Solaris or Linux versions. Michael Grice <grice () berbee com> Berbee Information Networks
Current thread:
- Webtrends HTTP Server %20 bug Auriemma Luigi (Jun 04)
- Re: Webtrends HTTP Server %20 bug Michael Grice (Jun 04)
- Re: Webtrends HTTP Server %20 bug H D Moore (Jun 05)
- RE: Webtrends HTTP Server %20 bug Eric Hacker (Jun 07)
- RE: Webtrends HTTP Server %20 bug Glynn Clements (Jun 08)
- Re: Webtrends HTTP Server %20 bug (UTF-8) Peter W (Jun 10)
- Re: Webtrends HTTP Server %20 bug (UTF-8) zsn (Jun 11)
- RE: Webtrends HTTP Server %20 bug Eric Hacker (Jun 07)