header-logo
Suggest Exploit
vendor:
Sambar Web/FTP/Proxy Server
by:
SecurityFocus
7.5
CVSS
HIGH
DOS-style Batch Program CGI Scripts Vulnerability
78
CWE
Product Name: Sambar Web/FTP/Proxy Server
Affected Version From: Sambar Web/FTP/Proxy Server for Windows NT and 2000
Affected Version To: Sambar Web/FTP/Proxy Server for Windows NT and 2000
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows NT and 2000
2001

Sambar Web/FTP/Proxy Server for Windows NT and 2000 DOS-style Batch Program CGI Scripts Vulnerability

The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with administrator privileges. This allows the attacker to read, modify, create, or delete any file or directory on the system, including user accounts, etc. Even if the user hasn't enabled or created any batch files, the software ships with two by default: 'hello.bat' and 'echo.bat'.

Mitigation:

Disable the use of batch files as CGI scripts, or remove the batch files from the cgi-bin directory.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1002/info

The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with administrator privileges. This allows the attacker to read, modify, create, or delete any file or directory on the system, including user accounts, etc. Even if the user hasn't enabled or created any batch files, the software ships with two by default: 'hello.bat' and 'echo.bat'.

http://target/cgi-bin/hello.bat?&dir+c:or
http://target/cgi-bin/echo.bat?&dir+c:\

Navigation

Suggest Exploit

Services By CQR