CVE-2004-2564
Sambar Server 6.1 Beta 2 - Cross-Site Scripting via show.asp show Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2004-2564. PoCs published by Oliver Karow.
AI-analyzed exploit summary: The provided text describes a vulnerability in Sambar Server 6.1 Beta 2, specifically an XSS issue in the 'showperf.asp' page. It notes that administrative privileges are required, but the default configuration lacks a password, making exploitation feasible.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.
Exploits (2)
The provided text describes a vulnerability in Sambar Server 6.1 Beta 2, specifically an XSS issue in the 'showperf.asp' page. It notes that administrative privileges are required, but the default configuration lacks a password, making exploitation feasible.
The provided text describes multiple vulnerabilities in Sambar Server, including directory traversal and cross-site scripting (XSS). It includes a sample XSS payload but lacks executable exploit code.