sambar.remote.dos.txt

Posted Nov 22, 2001
Authored by Sixkiller

The Sambar web server version 4.3 Beta 2 is vulnerable to a remote buffer overflow. DoS example included.

tags | exploit, remote, web, overflow
MD5 | 0b0f8d9b9c0fbc7545614821d17db79d

Remote attack on Sambar Server 4.3 Beta 2

It is possible to crash Sambar Server by causing a buffer overflow.
The attack is not recorded in the logs.
You can carry out the attack by connecting to the remote server on port 80
with telnet or any other program you find.
Connect to the remote server on port 80, write "get",
and keep pressing Enter until the connection is lost (you should
hold the Enter key down and not release it).
A faster way to do it is to connect to the server and enter these
commands:

get


get



g
g
g


Return-Path: <sashal@surfree.net.il>
Date: Tue, 07 Dec 1999 20:52:08 +0200
X-Accept-Language: en
Subject: Sambar Server 4.3 BETA 2 Bug

[Part #1: Type: text/plain, Encoding: 7bit, Size: 794]

It is possible to totally destroy the server by overflowing it.
When the attack is made, the part of Sambar that controls port 80 is
damaged and becomes useless.

The attack is made with your browser; you should connect to the server at
this URL:
www.sambar.com/session/adminlogin?RCpage=/sysadmin/index.stm (where
www.sambar.com is the name of your Sambar server).

When it asks for a username/password, enter a very long username and password
(over 256 chars). You will know that it's long enough when you can no longer
see what you typed. You must enter it in both username and password.

Repeat this process for some time (about 5-10 times). You won't see any
result, but the next time the server is started it will show a message box
that says: "Failure initilazing server, see server.log".
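
Because the advisory says the first attack is not recorded in the server's logs, detection has to happen in front of the server. The following is an added example, not part of the original advisory: a Python check for a proxy or network sensor that flags both conditions described above, a stream with no valid request line and a form field over 256 characters. The sample streams are constructed, and the POST method and the field names `user` and `pass` are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

MAX_FIELD = 256  # length the advisory names ("over 256 chars")
# Strict request line; HTTP/0.9 simple requests are treated as malformed too.
REQUEST_LINE = re.compile(rb"^[A-Z]+ (\S+) HTTP/\d\.\d$")

def inspect(raw: bytes) -> list[str]:
    """Return findings for one client-to-server byte stream."""
    if not raw:
        return []
    lines = raw.splitlines()
    first = REQUEST_LINE.match(lines[0])
    if first is None:
        # Nothing parsable: report counts so the alert carries context.
        blank = sum(1 for l in lines if not l)
        junk = sum(1 for l in lines if l and not REQUEST_LINE.match(l))
        return [f"malformed-request-line junk={junk} blank={blank}"]
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    # Collect form fields from the query string and, for form posts, the body.
    target = first.group(1).decode("latin-1")
    fields = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if headers.get(b"content-type", b"").startswith(b"application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [f"oversized-field {name} len={len(value)}"
            for name, value in fields if len(value) > MAX_FIELD]

# Constructed samples (not captures). "user" and "pass" are hypothetical names.
SAMPLE_BARE = b"get\r\n\r\n\r\nget\r\n\r\n\r\n\r\ng\r\ng\r\ng\r\n"
_body = b"user=" + b"A" * 300 + b"&pass=" + b"B" * 300
SAMPLE_LOGIN = (b"POST /session/adminlogin?RCpage=/sysadmin/index.stm HTTP/1.0\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: " + str(len(_body)).encode() + b"\r\n\r\n" + _body)
SAMPLE_OK = b"GET /index.htm HTTP/1.0\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("bare", SAMPLE_BARE), ("login", SAMPLE_LOGIN), ("ok", SAMPLE_OK)):
        print(label, inspect(sample))
```

A front end that rejects flagged streams before they reach the server also provides the log record the advisory says is missing.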

