TUCoPS :: Web :: Servers :: tb11405.htm

SHTTPD V1.38 server source code disclosure
SHTTPD V1.38 server source code disclosure
SHTTPD V1.38 server source code disclosure


SHTTPD V1.38 server source code disclosure
------------------------------------
link:http://shttpd.sourceforge.net/ 

info: The vulnerability is caused due to a parser error of the filename 

extension supplied by the user in the URL.
This can be exploited to retrieve the source code of script files.

POC: http://127.0.0.1/test.php%20 

Bug Found By: Shay priel aka Prili - imprili[at]gmail.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH