source: http://www.securityfocus.com/bid/2788/info Submitting a specially crafted GET request for a known file (.php, .pl, or .shtml), could cause OmniHTTPD to disclose the source code of the requested resource. The GET requested would have to be appended with the Unicode equivalent of a space. Example: GET /filename.php%20