Re: Webtrends HTTP Server %20 bug

From: Michael Grice (griceat_private)
Date: Mon Jun 04 2001 - 10:30:52 PDT

Next message: Jason DiCioccio: "Re: SSH allows deletion of other users files..."

Previous message: Georgi Guninski: "$HOME buffer overflow in SunOS 5.8 x86"
In reply to: Auriemma Luigi: "Webtrends HTTP Server %20 bug"
Next in thread: H D Moore: "Re: Webtrends HTTP Server %20 bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Auriemma Luigi <kaino3at_private> [010604 10:37] wrote:

[...]

> The bug is really simple. If the attacker insert an unicode space (%20)
> after the script file, the server think that the file requested is not a
> cgi script and for this it shown the source; this is an example:
> 
> http://host/remote_login.pl%20
> 
> 
> And the result is the source of "remote_login.pl".

[...]

This also appears to be a bug in the web server shipped with 3.5. While
this worked as expected for the NT version, I was not able to duplicate
the problem with the Solaris or Linux versions.

Michael Grice <griceat_private>
Berbee Information Networks

Next message: Jason DiCioccio: "Re: SSH allows deletion of other users files..."
Previous message: Georgi Guninski: "$HOME buffer overflow in SunOS 5.8 x86"
In reply to: Auriemma Luigi: "Webtrends HTTP Server %20 bug"
Next in thread: H D Moore: "Re: Webtrends HTTP Server %20 bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 04 2001 - 13:37:24 PDT