OmniHTTPd源代码获得漏洞

OmniHTTPd源代码获得漏洞

漏洞ID 1106356 漏洞类型 未知
发布时间 2001-05-26 更新时间 2001-10-18
图片[1]-OmniHTTPd源代码获得漏洞-安全小百科CVE编号 CVE-2001-0778
图片[2]-OmniHTTPd源代码获得漏洞-安全小百科CNNVD-ID CNNVD-200110-109
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/20886
https://www.securityfocus.com/bid/89082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200110-109
|漏洞详情
OmniHTTPd2.0.8版本及之前版本存在漏洞。远程攻击者可以借助带有对一个空间(%20)的URL编码符号的GET请求来获得源代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/2788/info

Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml), could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space.

Example:

GET /filename.php%20
|受影响的产品
Omnicron OmniHTTPD 2.0.8

Microsoft Windows 2000 Professional SP2

Microsoft Windows 2000 Professional SP1

Microso

|参考资料

来源:XF
名称:omnihttpd-reveal-source-code(6621)
链接:http://xforce.iss.net/static/6621.php
来源:www.omnicron.ca
链接:http://www.omnicron.ca/httpd/docs/release.html
来源:BUGTRAQ
名称:20010525RemotevulnerabilitiesinOmniHTTPd
链接:http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html

相关推荐: Microsoft Virtual Machine – Arbitrary Java Codebase Execution

Microsoft Virtual Machine – Arbitrary Java Codebase Execution 漏洞ID 1053468 漏洞类型 发布时间 2000-10-18 更新时间 2000-10-18 CVE编号 N/A CNNVD-ID…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享