kyprizel schrieb:
> by default, there is a pagecount script with Sambar Web Server
> it's situated at http://sambarserver/session/pagecount
> counter writes it's temporary files at c:\sambardirectory\tmp
> if we'll write http://sambarserver/session/pagecount?page=index
> it will create file in Sambar temp directory with name index
> and if we'll write
> http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat
> script will rewrite first simbols of c:\autoexec.bat with it's number
> so we able to add some text to any file on the disk...
Can confirm this on Sambar 4.4production (intranet only ;-) and W2kpro. Since
our installations use different drives for data and webpages vs. OS and
programs we found out that on the drive where the SAMBAR-programs are located
only an existing AUTOEXEC.bat ist affected, but no new file AUTOEXEC.bat e.g.
is created.
Regards, Axel Hammer
--
de:
Daten-Treuhand.de
Michael-Imhof-Str. 17
86609 Donauw�rth
Tel.: +49 (0)906-70570621
Fax: +49 (0)906-70570622
[EMAIL PROTECTED]
http://www.daten-treuhand.de
