Sambar Server Search CGI Vulnerability

The following example was taken from the advisory on this subject which is attached in full in the 'Credit' section of this vulnerability:

All that is needed is a malformed query parameter parsed to the search.dll file

.. this will reveal the current working directory contents.

.. this will reveal the root dir of the server.


Privacy Statement
Copyright 2010, SecurityFocus