[21836] in bugtraq
Sambar Web Server pagecount exploit code
daemon@ATHENA.MIT.EDU (kyprizel)
Wed Jul 25 11:31:21 2001
Date: Sun, 22 Jul 2001 00:18:04 +0600
From: kyprizel <kyprizel@mail.kz>
Reply-To: kyprizel <kyprizel@mail.kz>
Message-ID: <6213222467.20010722001804@mail.kz>
To: BUGTRAQ@securityfocus.com

by default, there is a pagecount script with Sambar Web Server
it's situated at http://sambarserver/session/pagecount
the counter writes its temporary files at c:\sambardirectory\tmp
if we write http://sambarserver/session/pagecount?page=index
it will create a file in the Sambar temp directory with the name index
and if we write
http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat
the script will rewrite the first symbols of c:\autoexec.bat with its number
so we are able to add some text to any file on the disk...
//kyprizel mailto:kyprizel@mail.kz
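
Added example, not part of the original post and not Sambar's own code: a check that scans web access logs for pagecount requests whose page value resolves outside the counter's temp directory. The log layout (common log format), the function names and the sample lines are assumptions made for illustration; the directory and script path are the placeholders used in the post.

```python
import ntpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

TMP_DIR = r"c:\sambardirectory\tmp"   # counter directory as written in the post
COUNTER_PATH = "/session/pagecount"   # script path as written in the post
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+)')  # assumed CLF layout

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so encoded separators are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def stays_in_tmp(page, base=TMP_DIR):
    """True only if base joined with page resolves below base (Windows rules)."""
    if not page or "\x00" in page:
        return False
    # join lets a drive letter or rooted path replace base; normpath folds ".." and "/".
    full = ntpath.normcase(ntpath.normpath(ntpath.join(base, page)))
    root = ntpath.normcase(ntpath.normpath(base))
    return full.startswith(root + "\\")

def flag_requests(log_lines):
    """Return (client, decoded page value) for counter hits that leave TMP_DIR."""
    hits = []
    for line in log_lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if url.path.lower() != COUNTER_PATH:
            continue
        for page in parse_qs(url.query, keep_blank_values=True).get("page", []):
            page = fully_decode(page)
            if not stays_in_tmp(page):
                hits.append((client, page))
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [22/Jul/2001:00:18:04 +0600] "GET /session/pagecount?page=index HTTP/1.0" 200 12',
    '192.0.2.77 - - [22/Jul/2001:00:19:10 +0600] "GET /session/pagecount?page=../../../../../../autoexec.bat HTTP/1.0" 200 12',
    '192.0.2.77 - - [22/Jul/2001:00:19:12 +0600] "GET /session/pagecount?page=..%2F..%2F..%2Fautoexec.bat HTTP/1.0" 200 12',
    '192.0.2.10 - - [22/Jul/2001:00:20:01 +0600] "GET /index.htm HTTP/1.0" 200 512',
]
```

The same containment test in `stays_in_tmp` is the check a counter script needs before it opens the file named by `page`.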