https://www.exploit-db.com/exploits/20886
https://www.securityfocus.com/bid/89082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200110-109

OmniHTTPd2.0.8版本及之前版本存在漏洞。远程攻击者可以借助带有对一个空间(%20)的URL编码符号的GET请求来获得源代码。

source: http://www.securityfocus.com/bid/2788/info

Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml), could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space.

Example:

GET /filename.php%20

Omnicron OmniHTTPD 2.0.8

–

Microsoft Windows 2000 Professional SP2

–

Microsoft Windows 2000 Professional SP1

–

Microso

来源:XF
名称:omnihttpd-reveal-source-code(6621)
链接:http://xforce.iss.net/static/6621.php
来源:www.omnicron.ca
链接:http://www.omnicron.ca/httpd/docs/release.html
来源:BUGTRAQ
名称:20010525RemotevulnerabilitiesinOmniHTTPd
链接:http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html