Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Foundstone Labs (labsfoundstone.com)
Date: Wed Jun 13 2001 - 14:56:32 CDT
FS Advisory ID: FS-061201-18-SMSW
Release Date: June 11, 2001
Product: ScreamingMedia SITEWare
Vendor: ScreamingMedia Inc.
Vendor Advisory: http://www.screamingmedia.com/security/sms1001.php
Type: Source code disclosure vulnerability
Author: Mike Shema (mike.shemafoundstone.com)
Foundstone, Inc. (http://www.foundstone.com)
Operating Systems: All operating systems
Vulnerable versions: SITEWare 2.5
A source code disclosure vulnerability exists with
ScreamingMedia's SITEWare Editor's Desktop. This
vulnerability allows for the arbitrary viewing of world-
readable files within the web document root. It should also be
noted that ScreamingMedia stores site user names and passwords
in clear text files.
The SITEWare Editor's Desktop is a web-based administration
front-end for ScreamingMedia content. The listening server
can be assigned an arbitrary port on which to listen. For
example, template source can be viewed by the URL:
Any file within the SITEWare/threads/Editor directory can be
viewed, but not system files outside of this root.
Proof of concept
From a browser, make the following URL request:
Refer to the advisory published by ScreamingMedia at:
Customers should obtain upgraded software by contacting their
customer support representative to obtain patches.
We would also like to thank ScreamingMedia. for their prompt
reaction to this problem and their co-operation in heightening
security awareness in the security community.
The information contained in this advisory is the copyright
(C) 2001 of Foundstone, Inc. and believed to be accurate at
the time of printing, but no representation or warranty is
given, express or implied, as to its accuracy or
completeness. Neither the author nor the publisher accepts
any liability whatsoever for any direct, indirect or
conquential loss or damage arising in any way from any use
of, or reliance placed on, this information for any purpose.
This advisory may be redistributed provided that no fee is
assigned and that the advisory is not modified in any way.