8 lines
No EOL
385 B
Text
8 lines
No EOL
385 B
Text
source: http://www.securityfocus.com/bid/5177/info
|
|
|
|
It has been reported that version 1.0.2 of KF Web Server discloses the contents of directories when a certain character is present in the URL.
|
|
|
|
If a remote attacker appends the "%00" character, it will cause the web server to display the contents of the current directory.
|
|
|
|
http://server_name/subdir/%00
|
|
http://server_name/%00 |