6 lines
No EOL
656 B
Text
6 lines
No EOL
656 B
Text
source: http://www.securityfocus.com/bid/1002/info
|
|
|
|
The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with administrator privileges. This allows the attacker to read, modify, create, or delete any file or directory on the system, including user accounts, etc. Even if the user hasn't enabled or created any batch files, the software ships with two by default: 'hello.bat' and 'echo.bat'.
|
|
|
|
http://target/cgi-bin/hello.bat?&dir+c:or
|
|
http://target/cgi-bin/echo.bat?&dir+c:\ |