Lighttpd header folding exploit

[abhisek.datta at gmail.com (Abhisek Datta)]

Hi,

I have playing around with this bug for few weeks after it was made
public. The exploit is not reliable but "works in my box" certified at
least. Even after trying to make it a bit generic and work across
distros and compiles, don't think it is much reliable.

Attached is the exploit for people to play around and improve upon.
Although the bug is old, but surely its an interesting one.

-abhisek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lighttpd_header_folding.rb
Type: application/x-ruby
Size: 7220 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20071004/38855897/attachment.rb>