Bugtraq mailing list archives

Re: Sambar Web Server pagecount exploit code

From: Axel Hammer <info () daten-treuhand de>
Date: Wed, 25 Jul 2001 17:58:10 +0200

kyprizel schrieb:

by default, there is a pagecount script with Sambar Web Server
 it's situated at http://sambarserver/session/pagecount
 counter writes it's temporary files at c:\sambardirectory\tmp
 if we'll write http://sambarserver/session/pagecount?page=index
 it will create file in Sambar temp directory with name index
 and if we'll write
 http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat
 script will rewrite first simbols of c:\autoexec.bat with it's number
 so we able to add some text to any file on the disk...


Can confirm this on Sambar 4.4production (intranet only ;-) and W2kpro. Since
our installations use different drives for data and webpages vs. OS and
programs we found out that on the drive where the SAMBAR-programs are located
only an existing AUTOEXEC.bat ist affected, but no new file AUTOEXEC.bat e.g.
is created.

Regards, Axel Hammer

--
de:
Daten-Treuhand.de
Michael-Imhof-Str. 17
86609 Donauwörth
Tel.: +49 (0)906-70570621
Fax: +49 (0)906-70570622
info () daten-treuhand de
http://www.daten-treuhand.de

Current thread:

Sambar Web Server pagecount exploit code kyprizel (Jul 25)
- <Possible follow-ups>
- Re: Sambar Web Server pagecount exploit code Axel Hammer (Jul 25)