TUCoPS :: Web :: PHP :: tb13280.htm

phphelpdesk Multiple vulnerabilities
phphelpdesk Multiple vulnerabilities
phphelpdesk Multiple vulnerabilities


phphelpdesk version 0.6.16 (latest)=0D
=0D
http://phphelpdesk.sourceforge.net=0D 
=0D
phphelpdesk Multiple vulnerabilities=0D
=0D
PhpHelpDesk is a popular solution for people looking for a way to manage their helpdesk tickets.=0D
Presently there exists 2 vulnerabilites that affect the inegrity of systems who run the software.=0D
The first of which is a local file inclusuion vulnerability. Problem exists in the GET'd variable=0D
whatdodo. Its supposed to point to a series of pages, but the filter fails to catch users going=0D
outside the lines with a little trailing null bye. Here is an example:=0D
=0D
http://helpdesk.example/index.php?whattodo=../../../../../../../../etc/passwd%00=0D 
=0D
Reading files seems bad, but not that bad. The second vulnerability in question is the SQL=0D
Injection at the login page. Yes, the classic ' or 1=1/* injection still holds true in the=0D
login procedures of this app. =0D
=0D
I've emailed the project dev on sourceforge and am awaiting a response. =0D
=0D
Happy hacking.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH