kyprizel wrote:
> by default, there is a pagecount script with Sambar Web Server
> it's situated at http://sambarserver/session/pagecount
> counter writes its temporary files at c:\sambardirectory\tmp
> if we'll write http://sambarserver/session/pagecount?page=index
> it will create file in Sambar temp directory with name index
> and if we'll write
> http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat
> script will rewrite first symbols of c:\autoexec.bat with its number
> so we are able to add some text to any file on the disk...

Can confirm this on Sambar 4.4production (intranet only ;-) and W2kpro.

Since our installations use different drives for data and webpages vs. OS and programs, we found out that on the drive where the SAMBAR programs are located only an existing AUTOEXEC.bat is affected, but no new file AUTOEXEC.bat e.g. is created.

Regards,
Axel Hammer

--
de: Daten-Treuhand.de
Michael-Imhof-Str. 17
86609 Donauwörth
Tel.: +49 (0)906-70570621
Fax: +49 (0)906-70570622
info@daten-treuhand.de
http://www.daten-treuhand.de
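The fix for the behaviour discussed above is to confine the `page` value to the counter directory before any file is opened. The sketch below is an added example, not part of the original posts and not Sambar's code; the function names and the allow-list policy for counter names are assumptions. It pairs the containment check with a helper for reviewing access logs for unsafe `pagecount` requests.

```python
import os
import re
from urllib.parse import urlsplit, parse_qs

# Assumed policy: counter names are short and contain no path syntax at all.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def counter_path(tmp_dir, page):
    """Return the counter file path for `page`, or None if the name is unsafe."""
    if not _NAME_RE.fullmatch(page):
        return None
    base = os.path.realpath(tmp_dir)
    candidate = os.path.realpath(os.path.join(base, page))
    # Defence in depth: the resolved path (symlinks followed) must still
    # sit directly inside the counter directory.
    if os.path.dirname(candidate) != base:
        return None
    return candidate

def bump_counter(tmp_dir, page):
    """Increment and return the counter, or None if the request is rejected."""
    path = counter_path(tmp_dir, page)
    if path is None:
        return None
    try:
        with open(path, "r", encoding="ascii") as fh:
            count = int(fh.read().strip() or 0)
    except (FileNotFoundError, ValueError):
        count = 0  # new or corrupted counter starts over
    count += 1
    with open(path, "w", encoding="ascii") as fh:
        fh.write(str(count))
    return count

def flag_request(url):
    """Log-review helper: True if a pagecount request has an unsafe page value."""
    parts = urlsplit(url)
    if not parts.path.endswith("/session/pagecount"):
        return False
    # parse_qs percent-decodes, so encoded separators are checked as well.
    values = parse_qs(parts.query).get("page", [])
    return any(not _NAME_RE.fullmatch(v) for v in values)
```

Rejecting by allow-list rather than stripping `../` sequences avoids having to enumerate encodings and separator variants.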
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 09:04:49 PDT