phphelpdesk Multiple vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052847 漏洞类型
发布时间 2007-11-11 更新时间 2007-11-11
CVE编号 CVE-2007-5915
CVE-2007-5916
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2007110033
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
phphelpdesk version 0.6.16 (latest)

http://phphelpdesk.sourceforge.net

phphelpdesk Multiple vulnerabilities

PhpHelpDesk is a popular solution for people looking for a way to manage their helpdesk tickets.

Presently there exists 2 vulnerabilites that affect the inegrity of systems who run the software.

The first of which is a local file inclusuion vulnerability. Problem exists in the GET'd variable

whatdodo. Its supposed to point to a series of pages, but the filter fails to catch users going

outside the lines with a little trailing null bye. Here is an example:

http://helpdesk.example/index.php?whattodo=../../../../../../../../etc/p
asswd%00

Reading files seems bad, but not that bad. The second vulnerability in question is the SQL

Injection at the login page. Yes, the classic ' or 1=1/* injection still holds true in the

login procedures of this app.

I've emailed the project dev on sourceforge and am awaiting a response.

Happy hacking.