Omnicron OmniHTTPd 2.0.4-8 - File Source Disclosure

EDB-ID:

20886


Author:

astral

Type:

remote


Platform:

Windows

Date:

2001-05-26


source: https://www.securityfocus.com/bid/2788/info

Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml), could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space.

Example:

GET /filename.php%20