
Sambar Server flaws

by phiber on July 25th, 2001

There are two flaws in Sambar Server. The first concerns password decryption and the second is a pagecount exploit.


First flaw:

Sambar Server (Web/Mail/Proxy for Windows) by default stores
passwords encrypted with Blowfish using a static built-in key.
(The documentation states that passwords can't be recovered, but
the server recovers passwords for some needs.) There is not even
a need to discover this key, because Sambar has the decoding
procedure inside.

Workaround:

In config.ini you can set
Use Unix crypt = true
to make Sambar use the crypt()-like non-recoverable DES format.

Download the password decryptor.


Second flaw:

By default, Sambar Web Server ships with a pagecount script, located at http://sambarserver/session/pagecount

The counter writes its temporary files to c:\sambardirectory\tmp

If we request http://sambarserver/session/pagecount?page=index, it will create a file named index in the Sambar temp directory, and if we request http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat
the script will overwrite the first symbols of c:\autoexec.bat with its number, so we are able to add some text to any file on the disk.
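
One way to map the `page` parameter to a counter file without letting it leave the temp directory, as an added example that is not Sambar's code or part of the original post. The function names, the allow-list and the temp directory placeholder are assumptions; `ntpath` is used so Windows path rules apply on any platform.

```python
import ntpath
import re

# Placeholder temp directory taken from the article; adjust to the real install path.
TMP_DIR = r"c:\sambardirectory\tmp"

# Allow-list (assumption): counter names are short identifiers with no
# separators, dots or colons, so no traversal, drive or stream syntax fits.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Windows device names resolve to devices in any directory, so reject them too.
_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)
}


def naive_counter_path(page, tmp_dir=TMP_DIR):
    """Model of the flaw: the parameter is appended to the temp dir unchecked."""
    return ntpath.normpath(ntpath.join(tmp_dir, page))


def safe_counter_path(page, tmp_dir=TMP_DIR):
    """Return the counter file path; raise ValueError if it could leave tmp_dir."""
    if not _SAFE_NAME.fullmatch(page) or page.upper() in _RESERVED:
        raise ValueError(f"illegal counter name: {page!r}")
    base = ntpath.normpath(tmp_dir)
    full = ntpath.normpath(ntpath.join(base, page))
    # Defence in depth: the result must be a direct child of the temp directory.
    if ntpath.normcase(ntpath.dirname(full)) != ntpath.normcase(base):
        raise ValueError(f"counter path escapes temp directory: {page!r}")
    return full


if __name__ == "__main__":
    # The two requests described in the article.
    for name in ("index", "../../../../../../autoexec.bat"):
        print("request page =", name)
        print("  unchecked join ->", naive_counter_path(name))
        try:
            print("  checked        ->", safe_counter_path(name))
        except ValueError as err:
            print("  checked        -> rejected:", err)
```

The allow-list does the real work here; the parent-directory comparison only guards against a later change that loosens the pattern.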

