
Multiple Cross-Site Scripting Vulnerabilities in Sambar Server


Published: 2003-04-09
Updated: 2003-04-09
Severity:
Threat: disclosure of sensitive user information
Error type: input validation error
Exploitation method: server mode

BUGTRAQ ID:7209

Affected systems
Sambar Server 5.1                                      
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   -Microsoft Windows 98SE                            
   -Microsoft Windows ME                              
   -Microsoft Windows NT Enterprise Server 4.0        
   -Microsoft Windows NT Enterprise Server 4.0 SP1    
   -Microsoft Windows NT Enterprise Server 4.0 SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0                    
   -Microsoft Windows NT Server 4.0 SP1                
   -Microsoft Windows NT Server 4.0 SP2                
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Workstation 4.0              
   -Microsoft Windows NT Workstation 4.0 SP1          
   -Microsoft Windows NT Workstation 4.0 SP2          
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Sambar Server 5.2 b                                    
   -Microsoft Windows 2000 Advanced Server            
   -Microsoft Windows 2000 Advanced Server SP1        
   -Microsoft Windows 2000 Advanced Server SP2        
   -Microsoft Windows 2000 Datacenter Server          
   -Microsoft Windows 2000 Datacenter Server SP1      
   -Microsoft Windows 2000 Datacenter Server SP2      
   -Microsoft Windows 2000 Professional                
   -Microsoft Windows 2000 Professional SP1            
   -Microsoft Windows 2000 Professional SP2            
   -Microsoft Windows 2000 Server                      
   -Microsoft Windows 2000 Server SP1                  
   -Microsoft Windows 2000 Server SP2                  
   -Microsoft Windows 95                              
   -Microsoft Windows 98                              
   -Microsoft Windows 98SE                            
   -Microsoft Windows ME                              
   -Microsoft Windows NT Enterprise Server 4.0        
   -Microsoft Windows NT Enterprise Server 4.0 SP1    
   -Microsoft Windows NT Enterprise Server 4.0 SP2    
   -Microsoft Windows NT Enterprise Server 4.0 SP3    
   -Microsoft Windows NT Enterprise Server 4.0 SP4    
   -Microsoft Windows NT Enterprise Server 4.0 SP5    
   -Microsoft Windows NT Enterprise Server 4.0 SP6    
   -Microsoft Windows NT Enterprise Server 4.0 SP6a    
   -Microsoft Windows NT Server 4.0                    
   -Microsoft Windows NT Server 4.0 SP1                
   -Microsoft Windows NT Server 4.0 SP2                
   -Microsoft Windows NT Server 4.0 SP3                
   -Microsoft Windows NT Server 4.0 SP4                
   -Microsoft Windows NT Server 4.0 SP5                
   -Microsoft Windows NT Server 4.0 SP6                
   -Microsoft Windows NT Server 4.0 SP6a              
   -Microsoft Windows NT Workstation 4.0              
   -Microsoft Windows NT Workstation 4.0 SP1          
   -Microsoft Windows NT Workstation 4.0 SP2          
   -Microsoft Windows NT Workstation 4.0 SP3          
   -Microsoft Windows NT Workstation 4.0 SP4          
   -Microsoft Windows NT Workstation 4.0 SP5          
   -Microsoft Windows NT Workstation 4.0 SP6          
   -Microsoft Windows NT Workstation 4.0 SP6a          
Sambar Server 5.2                                      
Sambar Server 5.3 b4
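Description
Sambar Server does not adequately filter HTML code embedded in user-submitted input, which allows cross-site scripting attacks. A remote attacker can use script code to craft a malicious link that executes in the user's browser, and may steal the target user's cookie-based authentication information.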

Test code
http://[target]/netutils/ipdata.stm?ipaddr=[hostile_code]

http://[target]/netutils/whodata.stm?sitename=[hostile_code]

http://[target]/netutils/findata.stm?user=[hostile_code]

http://[target]/netutils/findata.stm?host=[hostile_code]

http://[target]/isapi/testisa.dll?check1=[hostile_code]

http://[target]/cgi-bin/environ.pl?param1=[hostile_code]

http://[target]/samples/search.dll?query=[hostile_code]&logic=AND

http://[target]/wwwping/index.stm?wwwsite=[hostile_code]

http://[target]/syshelp/stmex.stm?foo=[hostile_code]&bar=456

http://[target]/syshelp/stmex.stm?foo=123&bar=[hostile_code]

http://[target]/syshelp/cscript/showfunc.stm?func=[hostile_code]

http://[target]/syshelp/cscript/showfncs.stm?pkg=[hostile_code]

http://[target]/syshelp/cscript/showfnc.stm?pkg=[hostile_code]

http://[target]/sysuser/docmgr/ieedit.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/ieedit.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/edit.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/edit.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/iecreate.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/create.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/info.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/info.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/ftp.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/htaccess.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/mkdir.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/rename.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/rename.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/search.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/search.stm?query=[hostile_code]

http://[target]/sysuser/docmgr/sendmail.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/sendmail.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/template.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/update.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/update.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/vccheckin.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/vccheckin.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/vccreate.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/vccreate.stm?name=[hostile_code]

http://[target]/sysuser/docmgr/vchist.stm?path=[hostile_code]

http://[target]/sysuser/docmgr/vchist.stm?name=[hostile_code]

http://[target]/cgi-bin/testcgi.exe?[hostile_code]

Solution
The vendor has not yet provided a solution.
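
With no vendor fix available, access logs can be reviewed for requests that place HTML markup in the parameters listed above. The following is an added example, not part of the original advisory: it assumes Common Log Format lines, covers only a few of the listed path/parameter pairs, and its function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# A few path/parameter pairs from the advisory's list; extend with the rest.
# None means the raw query string itself is the reflected input (testcgi.exe).
REFLECTED = {
    "/netutils/ipdata.stm": {"ipaddr"},
    "/netutils/findata.stm": {"user", "host"},
    "/samples/search.dll": {"query"},
    "/syshelp/stmex.stm": {"foo", "bar"},
    "/sysuser/docmgr/edit.stm": {"path", "name"},
    "/cgi-bin/testcgi.exe": None,
}
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return (path, parameter) pairs whose decoded value contains markup."""
    parts = urlsplit(target)
    path = parts.path.lower()  # Windows paths are case-insensitive
    if path not in REFLECTED:
        return []
    names = REFLECTED[path]
    if names is None:
        return [(path, "*")] if MARKUP.search(fully_decode(parts.query)) else []
    return [(path, n.lower()) for n, v in parse_qsl(parts.query, keep_blank_values=True)
            if n.lower() in names and MARKUP.search(fully_decode(v))]

def scan(lines):
    """Return (line_number, path, parameter) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits += [(number, p, n) for p, n in suspicious_params(match.group(1))]
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Apr/2003:10:00:00 +0000] "GET /netutils/ipdata.stm?ipaddr=192.0.2.1 HTTP/1.0" 200 512',
    '192.0.2.11 - - [09/Apr/2003:10:00:05 +0000] "GET /netutils/findata.stm?user=%3Cb%3Ex%3C%2Fb%3E HTTP/1.0" 200 640',
    '192.0.2.12 - - [09/Apr/2003:10:00:09 +0000] "GET /syshelp/stmex.stm?foo=123&bar=%253Cb%253E HTTP/1.0" 200 700',
    '192.0.2.13 - - [09/Apr/2003:10:00:12 +0000] "GET /cgi-bin/testcgi.exe?%3Ci%3E HTTP/1.0" 200 300',
    '192.0.2.14 - - [09/Apr/2003:10:00:15 +0000] "GET /index.htm?q=%3Cb%3E HTTP/1.0" 200 100',
]
```

Calling `scan(SAMPLE_LOG)` flags lines 2, 3 and 4; line 3 is caught only because the value is decoded repeatedly before the markup check.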

Related information
Gregory Le Bras <gregory.lebras@security-corporation.com>

Multiple vulnerabilities in Sambar Server
http://www.security-corporation.com/index.php?id=advisories&a=012-FR