Sambar Server 4.1 Beta – Admin Access

Sambar Server 4.1 Beta – Admin Access

漏洞ID 1053371 漏洞类型
发布时间 1998-06-10 更新时间 1998-06-10
图片[1]-Sambar Server 4.1 Beta – Admin Access-安全小百科CVE编号 N/A
图片[2]-Sambar Server 4.1 Beta – Admin Access-安全小百科CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/20570
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/2255/info

'dumpenv.pl' is a utility that will display environment information on which the server resides, this information could include the server software version being used, directory settings and path information.

The default authentication credentials for the administrator account in a Sambar Server is Username: admin with the password left blank. Once a remote user has gained knowledge of the path to log into the admin account, it is possible for the user to login to the server via an http request. This unauthorized access is gained providing that the default settings have not been changed.

Successful exploitation of this vulnerability could lead to complete compromise of the host 

The following will display environment information:

http://target/cgi-bin/dumpenv.pl

The following is an example of the path to login as admin:

http://target/session/adminlogin?RCpage=/sysadmin/index.stm

相关推荐: AIX innd 访问许可漏洞

AIX innd 访问许可漏洞 漏洞ID 1207581 漏洞类型 未知 发布时间 1997-01-01 更新时间 1997-01-01 CVE编号 CVE-1999-0100 CNNVD-ID CNNVD-199701-039 漏洞平台 N/A CVSS评分…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享