Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: tb11405.htm

SHTTPD V1.38 server source code disclosure



SHTTPD V1.38 server source code disclosure
SHTTPD V1.38 server source code disclosure



SHTTPD V1.38 server source code disclosure
------------------------------------
link:http://shttpd.sourceforge.net/ 

info: The vulnerability is caused due to a parser error of the filename 

extension supplied by the user in the URL.
This can be exploited to retrieve the source code of script files.

POC: http://127.0.0.1/test.php%20 

Bug Found By: Shay priel aka Prili - imprili[at]gmail.com


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH