Sambar Web Server pagecount exploit code

From: kyprizel (kyprizelat_private)
Date: Sat Jul 21 2001 - 11:18:04 PDT


     by default, there is a pagecount script with Sambar Web Server
     it's situated at http://sambarserver/session/pagecount
     counter writes its temporary files at c:\sambardirectory\tmp
     if we write http://sambarserver/session/pagecount?page=index
     it will create a file in the Sambar temp directory with the name index
     and if we write
     http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat
     the script will rewrite the first symbols of c:\autoexec.bat with its number
     so we are able to add some text to any file on the disk...
    
    //kyprizel                          mailto:kyprizelat_private
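
Added example, not part of the original post and not Sambar's code: a sketch of how a counter script can map the page parameter to a file so that it cannot leave the temp directory, shown beside the unchecked join the post describes. The function names, the allow-list pattern and the sample inputs are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Assumption: counter names are short identifiers such as "index".
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

def naive_counter_path(tmp_dir, page):
    """Pattern described in the post: the parameter is joined as-is."""
    return os.path.normpath(os.path.join(tmp_dir, page))

def is_contained(tmp_dir, path):
    """True if path, after resolving symlinks, is still under tmp_dir."""
    base = os.path.realpath(tmp_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) == base

def safe_counter_path(tmp_dir, page):
    """Return a counter file path inside tmp_dir, or raise ValueError."""
    # 1. Allow-list the name: no '/', '\\', '.', ':' or NUL can get through.
    if not _SAFE_NAME.fullmatch(page):
        raise ValueError("illegal counter name: %r" % page)
    # 2. Defence in depth: resolve the final path and confirm containment.
    target = os.path.join(os.path.realpath(tmp_dir), page)
    if not is_contained(tmp_dir, target):
        raise ValueError("counter path escapes the temp directory")
    return target

# Constructed sample inputs: one normal name, the traversal from the post,
# and two Windows-style variants a filter for '/' alone would miss.
SAMPLES = [
    "index",
    "../../../../../../autoexec.bat",
    "..\\..\\autoexec.bat",
    "C:autoexec.bat",
]

def demo():
    """Map each sample to (naive path stays inside tmp?, hardened verdict)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for page in SAMPLES:
            naive_ok = is_contained(tmp, naive_counter_path(tmp, page))
            try:
                safe_counter_path(tmp, page)
                verdict = "accepted"
            except ValueError:
                verdict = "rejected"
            results[page] = (naive_ok, verdict)
    return results

if __name__ == "__main__":
    for page, outcome in demo().items():
        print(page, outcome)
```

The backslash and drive-letter samples only escape the naive join on Windows, which is why the hardened version rejects them by name rather than relying on the path check alone.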
    



    This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 08:30:23 PDT