Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: sware2~2.htm

SITEWare cleartext passwords, read arbitrary files



Vulnerability

    SITEWare

Affected

    SITEWare 2.5, 3.0

Description

    Following is based  on Foundstone Labs  Advisory FS-061201-18-SMSW
    by Mike Shema.  A source code disclosure vulnerability exists with
    ScreamingMedia's SITEWare  Editor's Desktop.   This  vulnerability
    allows for  the arbitrary  viewing of  world-readable files within
    the web document root. It should also be noted that ScreamingMedia
    stores site user names and passwords in clear text files.

    The  SITEWare  Editor's  Desktop  is  a  web-based  administration
    front-end for ScreamingMedia content.  The listening server can be
    assigned  an  arbitrary  port  on  which  to listen.  For example,
    template source can be viewed by the URL:

        http://server:30001/../../template/shared/indexTemplate.xml

    Any  file  within  the  SITEWare/threads/Editor  directory  can be
    viewed, but not system files outside of this root.

    As for exploit, from a browser, make the following URL request:

        http://server:30001/../../template/shared/indexTemplate.xml

Solution

    Refer to the advisory published by ScreamingMedia at:

        http://www.screamingmedia.com/security/sms1001.php

    Customers  should  obtain  upgraded  software  by contacting their
    customer support representative to obtain patches.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH