CVE-2007-3365

HIGH

myserver < 0.8.9 - Sensitive Information Exposure via Case Sensitivity Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3365. PoCs published by Shay Priel.

AI-analyzed exploit summary The exploit describes an information-disclosure vulnerability in MyServer 0.8.9, where accessing a specific URI with a capital 'I' at the end exposes sensitive information. The advisory references a SecurityFocus BID but lacks detailed technical analysis or functional exploit code.

Description

MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Shay Priel · textremotemultiple

https://www.exploit-db.com/exploits/30219

View Code ZIP pw:eip

The exploit describes an information-disclosure vulnerability in MyServer 0.8.9, where accessing a specific URI with a capital 'I' at the end exposes sensitive information. The advisory references a SecurityFocus BID but lacks detailed technical analysis or functional exploit code.

Classification

Writeup 80%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: MyServer 0.8.9

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK