Re: [shttpd-general] Security bugs in SHTTPD
Brought to you by:
drozd
Menu
▾
▴
Re: [shttpd-general] Security bugs in SHTTPD
|
From: Sergey L. <va...@gm...> - 2007-12-25 11:55:52
|
Thanks for reporting. The directory traversal is a flaw in shttpd, for win32 only. Source disclosure was a surprise for me. Apparently, this is a windows feature. When you try to open a file named like "a.exe " (note trailing space), windows actually opens "a.exe". I did not expect that. sergey |
