[20850] in bugtraq
Re: Webtrends HTTP Server %20 bug
daemon@ATHENA.MIT.EDU (Michael Grice)
Mon Jun 4 16:36:45 2001
Date: Mon, 4 Jun 2001 12:30:52 -0500
From: Michael Grice <grice@binc.net>
To: Auriemma Luigi <kaino3@genie.it>
Cc: BUGTRAQ@securityfocus.com
Message-ID: <20010604123051.O13680@ctg-mail.binc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.WNT.4.33.0106031211050.1496-100000@ect004>; from kaino3@genie.it on Sun, Jun 03, 2001 at 12:41:51PM +0200

* Auriemma Luigi <kaino3@genie.it> [010604 10:37] wrote:
[...]
> The bug is really simple. If the attacker inserts a Unicode space (%20)
> after the script file, the server thinks that the file requested is not a
> cgi script and for this reason it shows the source; this is an example:
>
> http://host/remote_login.pl%20
>
>
> And the result is the source of "remote_login.pl".
[...]
This also appears to be a bug in the web server shipped with 3.5. While
this worked as expected for the NT version, I was not able to duplicate
the problem with the Solaris or Linux versions.

Michael Grice <grice@berbee.com>
Berbee Information Networks
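
Added example, not part of the original messages and not WebTrends code: a model of the handler-selection flaw described in the thread, beside a hardened check. It assumes the cause is that the server picks the handler from the requested name while Win32 ignores trailing spaces and dots when opening the file, which would fit the NT-only reproduction; all function names and the extension list are hypothetical.

```python
from urllib.parse import unquote
import posixpath

# Assumed handler mapping, for illustration only.
CGI_EXTENSIONS = {".pl", ".cgi"}


def os_opened_name(name: str) -> str:
    """Model of Win32 file opening: trailing spaces and dots are ignored."""
    return name.rstrip(" .")


def naive_is_cgi(raw_path: str) -> bool:
    """Flawed check: tests the extension of the decoded name exactly as sent.

    For "/remote_login.pl%20" the extension is ".pl " (with a space), which
    matches no handler, so the request falls through to static file serving.
    """
    name = unquote(raw_path)
    return posixpath.splitext(name)[1].lower() in CGI_EXTENSIONS


def naive_discloses_source(raw_path: str, scripts: set) -> bool:
    """True when the flawed check would return a script's source as a file."""
    opened = os_opened_name(unquote(raw_path))
    return opened in scripts and not naive_is_cgi(raw_path)


def hardened_classify(raw_path: str) -> str:
    """Return 'reject', 'cgi' or 'static', judged on the name the OS will open.

    Any name that the OS would silently rewrite (trailing space or dot) or
    that contains control characters is refused instead of being served.
    """
    name = unquote(raw_path)
    if any(ord(c) < 0x20 for c in name) or name != os_opened_name(name):
        return "reject"
    ext = posixpath.splitext(name)[1].lower()
    return "cgi" if ext in CGI_EXTENSIONS else "static"


if __name__ == "__main__":
    scripts = {"/remote_login.pl"}  # constructed document root contents
    for path in ("/remote_login.pl", "/remote_login.pl%20", "/index.html"):
        print(path, naive_discloses_source(path, scripts), hardened_classify(path))
```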