header-logo
Suggest Exploit
vendor:
Sambar Server
by:
Unknown
7.5
CVSS
HIGH
Directory Traversal, Cross-Site Scripting (XSS)
22
CWE
Product Name: Sambar Server
Affected Version From: Sambar 6.1 Beta 2
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not specified
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple vulnerabilities in Sambar Server

The vulnerabilities in Sambar Server allow an attacker to access sensitive files, carry out directory traversal attacks, and execute cross-site scripting attacks. These issues can be exploited by an attacker with administrative privileges, and it is reported that the server does not have an administrative password set by default. Even administrators without intended privileges can exploit these vulnerabilities. The specific vulnerability can be triggered by accessing the following URL: http://www.example.com/sysadmin/system/show.asp?show=<script>alert("oops")</script>

Mitigation:

It is recommended to set an administrative password on the server and apply the latest patches or updates provided by the vendor. Additionally, input validation should be implemented to prevent directory traversal and XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10444/info

Sambar Server is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to access sensitive files and carry out directory traversal and cross-site scripting attacks.

These issues require an attacker to have administrative privileges, however, it is reported that an administrative password is not set on the server by default. An administrator who is not intended to have certain privileges may also exploit these vulnerabilities.

Sambar 6.1 Beta 2 is reported to be prone to these issues, however, it is likely that other versions are affected as well.

http://www.example.com/sysadmin/system/show.asp?show=<script>alert("oops")</script>