Sambar Server Admin Access Vulnerability
BID:2255
Info
Sambar Server Admin Access Vulnerability
| Bugtraq ID: | 2255 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 10 1998 12:00AM |
| Updated: | Jun 10 1998 12:00AM |
| Credit: | Discovered and posted to Bugtraq on June 10, 1998 by Michiel de Weerd <[email protected]>. |
| Vulnerable: |
Sambar Server 4.1 beta |
| Not Vulnerable: | |
Discussion
Sambar Server Admin Access Vulnerability
'dumpenv.pl' is a utility that will display environment information on which the server resides, this information could include the server software version being used, directory settings and path information.
The default authentication credentials for the administrator account in a Sambar Server is Username: admin with the password left blank. Once a remote user has gained knowledge of the path to log into the admin account, it is possible for the user to login to the server via an http request. This unauthorized access is gained providing that the default settings have not been changed.
Successful exploitation of this vulnerability could lead to complete compromise of the host
'dumpenv.pl' is a utility that will display environment information on which the server resides, this information could include the server software version being used, directory settings and path information.
The default authentication credentials for the administrator account in a Sambar Server is Username: admin with the password left blank. Once a remote user has gained knowledge of the path to log into the admin account, it is possible for the user to login to the server via an http request. This unauthorized access is gained providing that the default settings have not been changed.
Successful exploitation of this vulnerability could lead to complete compromise of the host
Exploit / POC
Sambar Server Admin Access Vulnerability
The following examples are provided by Michiel de Weerd <[email protected]>:
The following will display environment information:
http://target/cgi-bin/dumpenv.pl
The following is an example of the path to login as admin:
http://target/session/adminlogin?RCpage=/sysadmin/index.stm
The following examples are provided by Michiel de Weerd <[email protected]>:
The following will display environment information:
http://target/cgi-bin/dumpenv.pl
The following is an example of the path to login as admin:
http://target/session/adminlogin?RCpage=/sysadmin/index.stm