VERSION TESTED: Webtrends HTTP Server V3.1c (Webtrends Reporting Server)
Date: 03 Jun 2001
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org

The bug is really simple. If the attacker inserts a hex-encoded space (%20) after the script file name, the server thinks that the requested file is not a CGI script and therefore shows its source. This is an example:

http://host/remote_login.pl%20

And the result is the source of "remote_login.pl".

I have not contacted Webtrends because I am waiting for more opinions, and for results with other versions.

(Webtrends was then contacted, but they have not answered my mail.)
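
The following is an added example, not code from the original advisory or from Webtrends: a small Python model of a handler dispatch that fails in the way described above, next to a hardened version. The handler table, the document root contents and the file-system behaviour (trailing spaces and dots ignored when a file is opened) are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

CGI_EXTENSIONS = {".pl", ".cgi"}  # assumed handler mapping, not Webtrends' own

# Constructed document root: file name -> file content
DOCROOT = {"remote_login.pl": "#!/usr/bin/perl\n# constructed script source\n"}


def open_file(name):
    """Model a file system that ignores trailing spaces and dots (assumption)."""
    return DOCROOT.get(name.rstrip(" ."))


def vulnerable_dispatch(raw_path):
    """Choose the handler from the decoded name exactly as it was requested."""
    name = unquote(raw_path).lstrip("/")
    ext = posixpath.splitext(name)[1]      # "remote_login.pl " gives ".pl "
    body = open_file(name)                 # but the file still opens
    if body is None:
        return ("404", None)
    if ext in CGI_EXTENSIONS:
        return ("execute", None)
    return ("static", body)                # script source is sent to the client


def hardened_dispatch(raw_path):
    """Reject any name the file system would resolve differently than written."""
    name = unquote(raw_path).lstrip("/")
    canonical = name.rstrip(" .")
    if canonical != name or any(ord(c) < 0x20 for c in name):
        return ("400", None)
    # Handler choice and file lookup now use the same canonical name.
    body = DOCROOT.get(canonical)
    if body is None:
        return ("404", None)
    if posixpath.splitext(canonical)[1].lower() in CGI_EXTENSIONS:
        return ("execute", None)
    return ("static", body)


if __name__ == "__main__":
    for path in ("/remote_login.pl", "/remote_login.pl%20"):
        print(path, vulnerable_dispatch(path)[0], hardened_dispatch(path)[0])
```

The check that matters is that the handler decision and the file open operate on the same canonical name; a request whose decoded name differs from its canonical form is refused instead of being served as static content.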