source: http://www.securityfocus.com/bid/977/info

Appending "%00" to the end of a CGI script filename will permit a remote client to view the full contents of the script if the CGI module option "allow CGIs anywhere" is enabled. Scripts located in directories which are designated as executable (e.g. \cgi-bin) are not vulnerable to this exploit.

http ://target/script.cgi%00

"%00" may be replaced with "%G0", "%W0", "%EW", "%FG", "%UW", or "%VG" in order to achieve the same results.
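
One way to look for requests of this shape in web server access logs, as an added example that is not part of the original advisory. It assumes Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re

# Suffixes the advisory lists as triggering the source disclosure.
SUFFIXES = ("%00", "%G0", "%W0", "%EW", "%FG", "%UW", "%VG")

# Client address and request line of a Common Log Format entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"'
)

def trailing_suffix(target):
    """Return the listed suffix that ends the path component, else None.

    The raw target is inspected without URL-decoding: most of the listed
    suffixes are not valid percent-escapes, so a decoder would reject them
    or pass them through, and "%00" would turn into a NUL byte.
    """
    path = target.split("?", 1)[0].split("#", 1)[0]  # ignore query and fragment
    tail = path[-3:].upper()  # case-insensitive match is this example's choice
    return tail if len(path) > 3 and tail in SUFFIXES else None

def scan(lines):
    """Return (client, request target, suffix) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        suffix = trailing_suffix(m.group("target"))
        if suffix:
            hits.append((m.group("client"), m.group("target"), suffix))
    return hits

# Constructed sample log lines (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2000:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [10/Feb/2000:10:00:07 +0000] "GET /script.cgi%00 HTTP/1.0" 200 2211',
    '192.0.2.44 - - [10/Feb/2000:10:00:09 +0000] "GET /tools/report.cgi%g0?id=4 HTTP/1.0" 200 1890',
    '192.0.2.10 - - [10/Feb/2000:10:00:12 +0000] "GET /search.cgi?q=100%25%00 HTTP/1.0" 200 512',
    '192.0.2.51 - - [10/Feb/2000:10:00:15 +0000] "GET /script.cgi%2500 HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, target, suffix in scan(SAMPLE_LOG):
        print(f"{client} requested {target} (trailing {suffix})")
```

Only the path component is checked, so a "%00" inside a query string or a double-encoded "%2500" is not reported.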
Related Exploits
Trying to match CVEs (1): CVE-2000-0149
Trying to match OSVDBs (1): 254
Other Possible E-DB Search Terms: Zeus Web Server 3.x, Zeus Web Server
|2002-11-08||Zeus Web Server 4.0/4.1 - Admin Interface Cross-Site Scripting||euronymous|
|2010-01-15||Zeus Web Server 4.x - 'SSL2_CLIENT_HELLO' Remote Buffer Overflow||Intevydis|
|2003-05-29||Zeus Web Server 4.x - Admin Interface VS_Diag.cgi Cross-Site Scripting||Hugo Vazquez|