Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

sambar-http.txt

🗓️ 15 Sep 2000 00:00:00Reported by DethyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

Sambar Server 4.4 Beta 3 vulnerable to search CGI flaws exposing server files.

Code
`  
************************************************  
+ Sambar Server search CGI vulnerability +  
************************************************  
# Advisory by dethy #  
# www.synnergy.net #  
|==============================================|  
  
Advisory # 13  
  
Vulnerable: Sambar Server 4.4 Beta 3   
Systems : WinNT, Win95 OSR2, (possibly Linux affected)  
Product : http://www.sambar.com  
Discovery : [email protected]  
  
  
Discussion  
-----------  
  
The Sambar Server comes with a non-caching HTTP proxy server and basic SMTP,   
POP3, and IMAP4 proxy servers compiled in.  
Sambar was created to test a three-tier communication infrastructure modeled   
after the Sybase Open Client/Open Server. Originally developed on a Sun   
Workstation (UNIX), it was ported to the PC (Windows 32) and licensed for   
commercial purposes.  
  
  
Vulnerability  
-------------  
  
The vulnerability occurs in the search.dll Sambar ISAPI Search shipped with   
this product. This dynamic link loader does not check on the 'query' parameter  
that is parsed to the server, therefore by constructing a malformed URL  
we are able to view the contents of the server, all folders, and files.  
  
Thanks also to USSR Labs (www.ussrback.com) for further testing.  
  
Exploit  
-------  
  
All that is needed is a malformed query parameter parsed to the search.dll file.  
  
http://server-running-sambar.com/search.dll?search?query=%00&logic=AND  
  
.. this will reveal the current working directory contents.  
  
  
http://server-running-sambar.com/search.dll?search?query=/&logic=AND  
  
.. this will reveal the root dir of the server.  
  
  
Solution  
--------  
  
The vendor [ [email protected] ] of Sambar Technologies has been contacted, so wait until a   
patched version comes out.  
  
  
Disclaimer  
----------  
  
Synnergy Networks may not be held liable for the use and/or potential effects of these  
programs or advisories, nor the content contained within. Use them at your own risk.  
  
  
Contact  
-------  
E-Mail : [email protected]  
Web : http://www.synnergy.net  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Sep 2000 00:00Current
7.4High risk
Vulners AI Score7.4
sambar server vulnerabilitycgi flawsearch.dllmalformed querydirectory exposurewinnt systemsvendor contacted.
25