[Original] Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
Sambar Server is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to access sensitive files and carry out directory traversal and cross-site scripting attacks.
These issues require an attacker to have administrative privileges; however, it is reported that an administrative password is not set on the server by default. An administrator who is not intended to have certain privileges may also exploit these vulnerabilities.
Sambar 6.1 Beta 2 is reported to be prone to these issues; however, it is likely that other versions are affected as well.
Sambar Server contains a flaw that allows a remote attacker to access arbitrary files outside of the application root. The issue is due to the "showini.asp" script not properly sanitizing user input, specifically traversal-style sequences (../../), which allows a remote attacker to view arbitrary files on the system, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Grant access to the administrative interface from the localhost interface only (default configuration).
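The two vectors described above (a "..\" sequence in a file name and an absolute path with a drive letter) are the cases a file-serving handler has to reject before opening anything. The following is an added example, not Sambar's own code: a path check that confines a user-supplied name to a base directory using Windows path semantics, with constructed root directories and sample parameters that are assumptions for the demonstration.

```python
import ntpath

# Constructed example roots (Windows-style; not paths from the advisory).
CONFIG_ROOT = r"C:\sambar\config"   # where a showini.asp-like handler reads .ini files
LOG_ROOT = r"C:\sambar\logs"        # where a showlog.asp-like handler reads logs


def resolve_under(base_dir: str, user_path: str):
    """Return the full path of user_path inside base_dir, or None if it would
    escape base_dir. ntpath is used so Windows semantics (backslash separators,
    drive letters, case-insensitive names) apply regardless of the host OS."""
    if not user_path or "\x00" in user_path:
        return None                      # empty or NUL-truncated names are never valid
    # Vector (2) from the advisory: an absolute path with a drive letter
    # ("C:\..."), a UNC prefix ("\\server\share\..."), or a rooted path ("\...").
    drive, tail = ntpath.splitdrive(user_path)
    if drive or tail[:1] in ("\\", "/"):
        return None
    # Vector (1): "..\" (or "../") segments. normpath collapses them; the result
    # is accepted only if it is still strictly inside base_dir.
    base = ntpath.normpath(base_dir)
    joined = ntpath.normpath(ntpath.join(base, user_path))
    if not ntpath.normcase(joined).startswith(ntpath.normcase(base) + ntpath.sep):
        return None
    return joined


def check_request(handler: str, param: str):
    """Map a (constructed) request to its root directory and report the decision."""
    root = CONFIG_ROOT if handler == "showini" else LOG_ROOT
    resolved = resolve_under(root, param)
    return ("allowed" if resolved else "rejected"), resolved


if __name__ == "__main__":
    # Constructed sample parameters covering both vectors and benign names.
    samples = [
        ("showini", "sambar.ini"),
        ("showini", "..\\..\\outside.txt"),
        ("showini", "../../outside.txt"),
        ("showlog", "C:\\other\\file.log"),
        ("showlog", "\\\\fileserver\\share\\x.log"),
        ("showlog", "access.log"),
    ]
    for handler, param in samples:
        verdict, path = check_request(handler, param)
        print(f"{handler:8} {param!r:36} -> {verdict} {path or ''}")
```

Restricting the administrative interface to localhost, as the workaround above recommends, is a separate control and does not replace the path check; both the drive-letter and the dot-dot-backslash cases are rejected here before any file is opened.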