Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17316
HistoryJun 21, 2007 - 12:00 a.m.

MyServer-0.8.9 - source code disclosure

2007-06-2100:00:00
vulners.com
23

The vulnerability is caused due to a parser error of the filename extension supplied by the user in the URL.
This can be exploited to retrieve the source code of script files.
Found By:Shay Priel aka Prili
site:
http://www.myserverproject.net/

poc:

http://localhost/cgi-bin/post.mscgI (I - capital letter)