Sambar Server 5.1 - Script Source Disclosure

EDB-ID:

21390

Author:

pgrundl

Type:

remote

Platform:

CGI

Published:

2002-04-17

source: http://www.securityfocus.com/bid/4533/info

An issue has been discovered in Sambar Server, which could allow a user to reveal the source code of script files.

Submitting a request for a known script file along with a space and null character (%00), will successfully bypass the serverside URL parsing. 

http://server/cgi-bin/environ.pl+%00