phphelpdesk Multiple vulnerabilities

From: Joseph.giron13@gmail.com
To: bugtraq@securityfocus.com
Cc:
Subject: phphelpdesk Multiple vulnerabilities
Date:


phphelpdesk version 0.6.16 (latest)

http://phphelpdesk.sourceforge.net

phphelpdesk Multiple vulnerabilities

PhpHelpDesk is a popular solution for people looking for a way to manage their helpdesk tickets.
Presently there exists 2 vulnerabilites that affect the inegrity of systems who run the software.
The first of which is a local file inclusuion vulnerability. Problem exists in the GET'd variable
whatdodo. Its supposed to point to a series of pages, but the filter fails to catch users going
outside the lines with a little trailing null bye. Here is an example:

http://helpdesk.example/index.php?whattodo=../../../../../../../../etc/passwd%00

Reading files seems bad, but not that bad. The second vulnerability in question is the SQL
Injection at the login page. Yes, the classic ' or 1=1/* injection still holds true in the
login procedures of this app. 

I've emailed the project dev on sourceforge and am awaiting a response. 

Happy hacking. 





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.