header-logo
Suggest Exploit
vendor:
Sambar Server
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Sambar Server
Affected Version From: All
Affected Version To: All
Patch Exists: Yes
Related CWE: N/A
CPE: //a:sambar_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Sambar Server Search.dll Vulnerability

The Sambar Server is vulnerable to a directory traversal attack due to a vulnerability in the search.dll file. An attacker can pass a malformed query parameter to the search.dll file to view the contents of the Sambar Server, such as mail folders. All that is needed is a malformed query parameter parsed to the search.dll file, such as http://server-running-sambar.com/search.dll?search?query=%00&logic=AND or http://server-running-sambar.com/search.dll?search?query=/&logic=AND.

Mitigation:

Upgrade to the latest version of Sambar Server and ensure that all query parameters are properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1684/info

The Sambar Server was created to test a three-tier communication infrastructure modeled after the Sybase Open Client/Open Server. Soon thereafter, the idea of leveraging the infrastructure for dynamic delivery of content on the WWW resulted in the addition of an HTTP protocol stack, and efforts in supporting the notion of preexistent users via HTTP. 

Certain NT versions of this software ship with a vulnerability in the search.dll which allows remote attackers to view the contents of the SAMBAR Server such as mail folders etc by passing paths or invalid values in the 'query' variable.

All that is needed is a malformed query parameter parsed to the search.dll file
.

http://server-running-sambar.com/search.dll?search?query=%00&logic=AND

.. this will reveal the current working directory contents.


http://server-running-sambar.com/search.dll?search?query=/&logic=AND

.. this will reveal the root dir of the server.

Navigation

Suggest Exploit

Services By CQR