header-logo
Suggest Exploit
vendor:
OmniHTTPD
by:
Unknown
5
CVSS
MEDIUM
Source Code Disclosure
200
CWE
Product Name: OmniHTTPD
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2001-0944
CPE: a:omnicron:omnihttpd
Metasploit:
Other Scripts:
Platforms Tested:
2001

OmniHTTPD Source Code Disclosure Vulnerability

Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml), could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space.

Mitigation:

Upgrade to a patched version of OmniHTTPD or switch to a different web server software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2788/info

Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml), could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space.

Example:

GET /filename.php%20

Navigation

Suggest Exploit

Services By CQR