Hi, I'm using libcurl for HTTP request. I'm firing following HTTP request using libcurl: Note: I have set "CURLOPT_PATH_AS_IS" flat to 1 i.e. sensitization of url is disabled.
http://mytarget.com/../../../../../../../../../../etc/passwd But return 400 return response code. And following response: =============================================== <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> <hr> <address>Apache/2.0.52 (Red Hat) Server at 10.10.26.238 Port 80</address> </body></html> =============================================== However If I request same URL using chrome or firefox browner its give 200 response code and content of file "/etc/passwd" gets display. (I kept this file accessible purposefully for some testing). Any one came across same situation? Please provide pointer if any to resolve this? Thanks and Regards, Bala
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
