phphelpdesk Multiple vulnerabilities

2007.11.11
Credit: Joseph
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

phphelpdesk version 0.6.16 (latest) http://phphelpdesk.sourceforge.net phphelpdesk Multiple vulnerabilities PhpHelpDesk is a popular solution for people looking for a way to manage their helpdesk tickets. Presently there exists 2 vulnerabilites that affect the inegrity of systems who run the software. The first of which is a local file inclusuion vulnerability. Problem exists in the GET'd variable whatdodo. Its supposed to point to a series of pages, but the filter fails to catch users going outside the lines with a little trailing null bye. Here is an example: http://helpdesk.example/index.php?whattodo=../../../../../../../../etc/p asswd%00 Reading files seems bad, but not that bad. The second vulnerability in question is the SQL Injection at the login page. Yes, the classic ' or 1=1/* injection still holds true in the login procedures of this app. I've emailed the project dev on sourceforge and am awaiting a response. Happy hacking.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top