by default, there is a pagecount script with Sambar Web Server
 it's situated at http://sambarserver/session/pagecount
 counter writes it's temporary files at c:\sambardirectory\tmp
 if we'll write http://sambarserver/session/pagecount?page=index
 it will create file in Sambar temp directory with name index
 and if we'll write
 http://sambarserver/session/pagecount?page=../../../../../../autoexec.bat
 script will rewrite first simbols of c:\autoexec.bat with it's number
 so we able to add some text to any file on the disk...

//kyprizel mailto:kyprizelmail.kz

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]