Flowerfire Sawmill 5.0.21 File Access Vulnerability

ID SSV:73939
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


source: http://www.securityfocus.com/bid/1402/info

Sawmill is a site statistics package for Unix, Windows and Mac OS. A specially crafted request can disclose the first line of any world-readable file whose full pathname is known, for example /etc/passwd. The output of the request is similar to the following: 'Unknown configuration command "root:x:0:0:root:/root:/bin/sh" in "/etc/passwd".'
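A detection check for the error text described above, as an added example that is not part of the original advisory: it scans HTTP response bodies for the quoted message and flags any that name a file outside the expected configuration directory. The directory /opt/sawmill/configs/, the function name find_leaks and the sample bodies are assumptions constructed for illustration.

```python
import html
import posixpath
import re

# Error format quoted in the advisory:
#   Unknown configuration command "<first line of file>" in "<path>".
LEAK_RE = re.compile(
    r'Unknown configuration command "(?P<line>.*?)" in "(?P<path>[^"\r\n]+)"\.'
)

# Assumption: hypothetical directory holding the site's real Sawmill configs.
ALLOWED_CONFIG_DIRS = ("/opt/sawmill/configs/",)

def find_leaks(body, allowed_dirs=ALLOWED_CONFIG_DIRS):
    """Return [(normalized_path, leaked_line)] for errors naming files
    outside allowed_dirs. Handles HTML-escaped quotes and ../ segments."""
    hits = []
    for m in LEAK_RE.finditer(html.unescape(body)):
        path = posixpath.normpath(m.group("path"))
        if not any(path.startswith(d) for d in allowed_dirs):
            hits.append((path, m.group("line")))
    return hits

# Constructed sample response bodies (not captured traffic).
SAMPLES = [
    # Message exactly as quoted in the advisory, inside an HTML page.
    '<html><body>Unknown configuration command '
    '"root:x:0:0:root:/root:/bin/sh" in "/etc/passwd".</body></html>',
    # Same leak, HTML-escaped, path climbing out of the config directory.
    'Unknown configuration command &quot;root:x:0:0:root:/root:/bin/sh&quot; '
    'in &quot;/opt/sawmill/configs/../../../etc/passwd&quot;.',
    # Ordinary typo in a real config file (constructed): must not alert.
    'Unknown configuration command "LogFormt apache" in '
    '"/opt/sawmill/configs/site.cfg".',
]

if __name__ == "__main__":
    for i, body in enumerate(SAMPLES):
        for path, line in find_leaks(body):
            print(f"sample {i}: first line of {path} disclosed: {line!r}")
```

Paths are normalized with POSIX rules; a Windows install would need `ntpath` and its own allowed directory.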

The following request will display the first line of /etc/passwd:


If Sawmill is run as a CGI script, the following can be used instead: