*** I'm sorry if this bug is already known, but I have not found it in the SecurityFocus and other archives. Author: Auriemma Luigi VERSION TESTED: Webtrends HTTP Server V3.1c (Webtrends Reporting Server) RISK: Viewing the source of the cgi scripts The bug is really simple. If the attacker insert an unicode space (%20) after the script file, the server think that the file requested is not a cgi script and for this it shown the source; this is an example: http://host/remote_login.pl%20 And the result is the source of "remote_login.pl". I have not contacted Webtrends because I wait for more opinions, and for result with other versions. Thanks for your attention.
This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 08:42:32 PDT