Bugtraq mailing list archives
Re: Sambar Web Server pagecount exploit code
From: Axel Hammer <info () daten-treuhand de>
Date: Wed, 25 Jul 2001 17:58:10 +0200
kyprizel wrote:
By default, there is a pagecount script with Sambar Web Server. It's situated at http://sambarserver/session/pagecount

The counter writes its temporary files at c:\sambardirectory\tmp

If we write http://sambarserver/session/pagecount?page=index it will create a file in the Sambar temp directory with the name index, and if we write http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat the script will rewrite the first symbols of c:\autoexec.bat with its number, so we are able to add some text to any file on the disk...
Can confirm this on Sambar 4.4 production (intranet only ;-) and W2kpro. Since our installations use different drives for data and webpages vs. OS and programs, we found out that on the drive where the SAMBAR programs are located only an existing AUTOEXEC.bat is affected, but no new file (e.g. AUTOEXEC.bat) is created.

Regards,
Axel Hammer

--
de: Daten-Treuhand.de
Michael-Imhof-Str. 17
86609 Donauwörth
Tel.: +49 (0)906-70570621
Fax: +49 (0)906-70570622
info () daten-treuhand de
http://www.daten-treuhand.de
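A log-review check for the request pattern discussed in this thread, added here as an example (not code from either poster or from Sambar): it scans web access-log lines for `/session/pagecount` requests whose `page` value is anything other than a bare file name. The Common Log Format layout, the constructed sample lines and the "bare name" rule are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Common Log Format line (assumed log layout).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate counter name is a bare file name, no separators.
SAFE_PAGE_RE = re.compile(r'^[A-Za-z0-9_-]+(?:\.[A-Za-z0-9]+)?$')

# Constructed sample lines (documentation IP addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jul/2001:17:40:01 +0200] "GET /session/pagecount?page=index HTTP/1.0" 200 5',
    '192.0.2.44 - - [25/Jul/2001:17:41:12 +0200] "GET /session/pagecount?page=../../../../../../autoexec.bat HTTP/1.0" 200 5',
    '192.0.2.44 - - [25/Jul/2001:17:41:30 +0200] "GET /session/pagecount?page=%252e%252e%252fautoexec.bat HTTP/1.0" 200 5',
    '192.0.2.10 - - [25/Jul/2001:17:42:00 +0200] "GET /index.htm HTTP/1.0" 200 1043',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so the reported value is human-readable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_pagecount_requests(log_lines):
    """Return (line_no, decoded_page) for pagecount hits with a non-bare page value."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path.lower().rstrip("/") != "/session/pagecount":
            continue
        # parse_qs decodes one layer of percent-encoding; fully_decode handles the rest.
        for raw in parse_qs(target.query, keep_blank_values=True).get("page", []):
            page = fully_decode(raw)
            if not SAFE_PAGE_RE.fullmatch(page):
                hits.append((line_no, page))
    return hits

if __name__ == "__main__":
    for line_no, page in suspicious_pagecount_requests(SAMPLE_LOG):
        print(f"line {line_no}: page={page!r}")
```

The same allow-list test, applied server-side before the counter file is opened, is the corresponding input check.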