CVE-2001-0778
OmniHTTPd < 2.0.8 - Unauthenticated Source Code Disclosure via URL-Encoded Space
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-0778. PoCs published by astral.
AI-analyzed exploit summary This exploit leverages a Unicode space encoding flaw in OmniHTTPD to disclose source code of files (.php, .pl, or .shtml) by appending %20 (Unicode space) to the GET request. The vulnerability arises due to improper handling of Unicode-encoded spaces in file requests.
Description
OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20).
Exploits (1)
This exploit leverages a Unicode space encoding flaw in OmniHTTPD to disclose source code of files (.php, .pl, or .shtml) by appending %20 (Unicode space) to the GET request. The vulnerability arises due to improper handling of Unicode-encoded spaces in file requests.