Lighttpd Proof of Concept code for CVE-2011-4362

On 29 November 2011, an interesting vulnerability in the lighttpd server was publicly disclosed. Xi Wang discovered that mod_auth for this server does not properly decode characters from the extended ASCII table. The vulnerable code is below:

“src/http_auth.c:67”
— CUT —
static const short base64_reverse_table[256] = …;
static unsigned char * base64_decode(buffer *out, const …
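The CVE-2011-4362 advisory describes this as an integer signedness error: a byte in the range 0x80..0xFF read through a signed `char` becomes a negative index into the 256-entry reverse table. The following is an added example, not lighttpd's code and not from the original post; the function names, the constructed table and the reject-on-invalid policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Index the unpatched lookup computes where plain char is signed: bytes
 * 0x80..0xFF go negative. Returned for inspection, never dereferenced. */
static int signed_index(const char *in, size_t i) { return (signed char)in[i]; }

/* Hardened index: always 0..255, in bounds for a 256-entry table. */
static int unsigned_index(const char *in, size_t i) { return (unsigned char)in[i]; }

static short rev[256]; /* constructed reverse table, -1 = not base64 */

static void rev_init(void) {
    static const char abc[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    for (int i = 0; i < 256; i++) rev[i] = -1;
    for (int i = 0; i < 64; i++) rev[(unsigned char)abc[i]] = (short)i;
}

/* Strict decoder: returns the decoded length, or -1 on a byte outside the
 * alphabet (0x80..0xFF included), excess padding, or a full output buffer. */
static long b64_decode_strict(const char *in, unsigned char *out, size_t cap) {
    size_t len = strlen(in), n = len, o = 0;
    unsigned acc = 0;
    int bits = 0;
    rev_init();
    while (n > 0 && in[n - 1] == '=') n--;   /* strip trailing padding */
    if (len - n > 2) return -1;
    for (size_t i = 0; i < n; i++) {
        int v = rev[unsigned_index(in, i)];  /* index cannot be negative */
        if (v < 0) return -1;                /* reject instead of skipping */
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            if (o >= cap) return -1;
            bits -= 8;
            out[o++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return (long)o;
}

int main(void) {
    unsigned char buf[16];
    const char bad[] = "dXNl\xff" "cjpw";    /* constructed malformed input */
    printf("signed %d, unsigned %d\n", signed_index(bad, 4), unsigned_index(bad, 4));
    printf("valid %ld, malformed %ld\n", b64_decode_strict("dXNlcjpwYXNz", buf, sizeof buf), b64_decode_strict(bad, buf, sizeof buf));
    return 0;
}
```

Casting each input byte to `unsigned char` before the table lookup is the essential change; rejecting invalid bytes outright is a stricter policy chosen here for the example.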