exploit-db-mirror/exploits/cgi/remote/21390.txt

source: https://www.securityfocus.com/bid/4533/info

An issue has been discovered in Sambar Server, which could allow a user to reveal the source code of script files.

Submitting a request for a known script file along with a space and null character (%00), will successfully bypass the serverside URL parsing.

http://server/cgi-bin/environ.pl+%00