5 lines
No EOL
562 B
Text
5 lines
No EOL
562 B
Text
source: http://www.securityfocus.com/bid/1040/info
|
|
|
|
StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it sent to a webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, exploiting this allows an attacker to view any file on the target system (the server runs as root..), including files such as /etc/shadow.
|
|
|
|
http://starscheduler_server:801/../../../../etc/shadow |