7 lines
No EOL
334 B
Text
7 lines
No EOL
334 B
Text
source: http://www.securityfocus.com/bid/2788/info
|
|
|
|
Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml), could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space.
|
|
|
|
Example:
|
|
|
|
GET /filename.php%20 |