vendor: Webserver
by: SecurityFocus
CVSS: 7.5 HIGH
Source Code Disclosure
CWE: 200
Product Name: Webserver
Affected Version From: GoAhead 2.1.7 and earlier
Affected Version To: GoAhead 2.1.7 and earlier
Patch Exists: YES
Related CWE: N/A
CPE: goahead
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

GoAhead webserver Source Code Disclosure Vulnerability

GoAhead webserver fails to sanitize HTTP requests, allowing an attacker to append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

Mitigation:

Upgrade to the latest version of GoAhead webserver

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9239/info

A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests.

An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

This issue affects GoAhead 2.1.7 and earlier. 

http://www.example.com/asp.asp%00
http://www.example.com/asp.asp%2f
http://www.example.com/asp.asp%5c
http://www.example.com/asp.asp/
http://www.example.com/asp.asp
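
For defenders reviewing access logs from a GoAhead host, the following added example (not part of the advisory or of GoAhead's code) flags requests whose path is a script file followed only by the trailing characters shown in the URLs above. It assumes Common Log Format and the .asp extension; the log lines, addresses and status codes are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Trailing characters from the advisory's sample URLs: NUL (%00), "/" (%2f), "\" (%5c).
TRAILERS = "\x00/\\"
# Assumption: script files use the .asp extension, as in the advisory.
SCRIPT_EXT = ".asp"
# Assumption: Common Log Format request field, e.g. "GET /path HTTP/1.0" 200
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def suspicious_path(raw_target: str) -> bool:
    """True if the path names a script file followed only by trailer characters."""
    path = raw_target.split("?", 1)[0]           # ignore the query string
    decoded = unquote(path, errors="replace")    # one level of percent-decoding
    stripped = decoded.rstrip(TRAILERS)
    return stripped != decoded and stripped.lower().endswith(SCRIPT_EXT)


def scan(lines):
    """Return (line_number, request_target, status) for each flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and suspicious_path(m.group(1)):
            hits.append((n, m.group(1), int(m.group(2))))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /asp.asp HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /asp.asp%00 HTTP/1.0" 200 1840',
    '192.0.2.11 - - [01/Jan/2004:10:00:06 +0000] "GET /asp.asp%5c HTTP/1.0" 200 1840',
    '192.0.2.11 - - [01/Jan/2004:10:00:07 +0000] "GET /asp.asp%2F HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2004:10:00:09 +0000] "GET /docs/ HTTP/1.0" 200 300',
    '192.0.2.13 - - [01/Jan/2004:10:00:11 +0000] "GET /asp.asp/?x=1 HTTP/1.0" 200 1840',
]

if __name__ == "__main__":
    for n, target, status in scan(SAMPLE_LOG):
        print(f"line {n}: {target} -> HTTP {status}")
```

Flagged requests that returned HTTP 200 are the ones to triage first, since a successful response is where script source may have been served.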