- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19797
- Проверка EDB
-
- Пройдено
- Автор
- VANJA HRUSTIC
- Тип уязвимости
- REMOTE
- Платформа
- UNIX
- CVE
- cve-2000-0174
- Дата публикации
- 2000-03-09
Sun StarOffice 5.1 - Arbitrary File Read
Код:
source: https://www.securityfocus.com/bid/1040/info
StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it sent to a webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, exploiting this allows an attacker to view any file on the target system (the server runs as root..), including files such as /etc/shadow.
http://starscheduler_server:801/../../../../etc/shadow- Источник
- www.exploit-db.com
