Sambar Directory Traversal Vulnerability on Windows and Linux

Vulnerability ID: 1107977
Vulnerability type: Path traversal
Published: 2004-06-01
Updated: 2006-01-24
CVE ID: CVE-2004-2565
CNNVD-ID: CNNVD-200412-882
Platform: Windows
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/24163
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-882
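|Vulnerability details
Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, contains multiple directory traversal vulnerabilities when the default administrator IP address restrictions have been modified. A remote authenticated user can read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter of showini.asp, or (2) an absolute path with a drive letter in the log parameter of showlog.asp.
|Vulnerability exploit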
source: http://www.securityfocus.com/bid/10444/info
  
Sambar Server is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to access sensitive files and carry out directory traversal and cross-site scripting attacks.
  
These issues require an attacker to have administrative privileges, however, it is reported that an administrative password is not set on the server by default. An administrator who is not intended to have certain privileges may also exploit these vulnerabilities.
  
Sambar 6.1 Beta 2 is reported to be prone to these issues, however, it is likely that other versions are affected as well.

http://www.example.com/sysadmin/system/showini.asp?file=\..\..\..\..\..\..\..\boot.ini
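
Added example (not part of the original advisory and not Sambar's code): a containment check of the kind that blocks both request forms described above, the `..\` sequence in `file` and the drive-letter absolute path in `log`. The base directories and all function names are assumptions, and the parameter value is assumed to be already URL-decoded.

```python
import ntpath

# Hypothetical base directories; the page does not say where Sambar keeps these files.
INI_DIR = r"C:\sambar\config"
LOG_DIR = r"C:\sambar\log"


class UnsafePath(ValueError):
    """Raised when a request parameter would resolve outside its base directory."""


def resolve_under(base, value):
    """Return the absolute Windows path for `value` inside `base`, or raise UnsafePath.

    ntpath is used so that Windows path rules apply even when this runs on Linux.
    """
    if "\x00" in value:
        raise UnsafePath("NUL byte in path")
    # Windows accepts both separators, so normalise before inspecting.
    value = value.replace("/", "\\")
    drive, rest = ntpath.splitdrive(value)
    # Case (2) in the advisory: absolute path with a drive letter (also UNC shares).
    if drive:
        raise UnsafePath("drive letter or UNC prefix not allowed")
    # A leading backslash means "root of the current drive"; force it relative to base.
    rest = rest.lstrip("\\")
    base_norm = ntpath.normcase(ntpath.normpath(base))
    # Case (1): normpath collapses every "..\" so the final location can be compared.
    candidate = ntpath.normpath(ntpath.join(base, rest))
    # Require base + separator as prefix so "config2" is not mistaken for "config".
    if not ntpath.normcase(candidate).startswith(base_norm + "\\"):
        raise UnsafePath("path escapes base directory")
    return candidate


def is_allowed(base, value):
    """Convenience wrapper returning True/False instead of raising."""
    try:
        resolve_under(base, value)
        return True
    except UnsafePath:
        return False
```
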
|References

Source: XF
Name: sambar-multiple-directory-traversal(16287)
Link: http://xforce.iss.net/xforce/xfdb/16287
Source: BID
Name: 10444
Link: http://www.securityfocus.com/bid/10444
Source: OSVDB
Name: 6585
Link: http://www.osvdb.org/6585
Source: www.oliverkarow.de
Link: http://www.oliverkarow.de/research/sambar.txt
Source: SECTRACK
Name: 1010353
Link: http://securitytracker.com/id?1010353
Source: SECUNIA
Name: 11748
Link: http://secunia.com/advisories/11748