SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cerberus Helpdesk Vendors:   WebGroup Media
Cerberus Helpdesk Discloses Attachments and Tickets to Other Users
SecurityTracker Alert ID:  1015153
SecurityTracker URL:  http://securitytracker.com/id/1015153
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 4 2005
Impact:   Disclosure of user information
Exploit Included:  Yes  

Description:   A vulnerability was reported in Cerberus Helpdesk. A remote user can view tickets belonging to other users.

The 'attachment_send.php' script does not properly authenticate user requests. A remote user can open a ticket with an attachment and modify the 'file_id' parameter in the URL to view attachments and tickets submitted by other users.

cumhur onat reported this vulnerability.

Impact:   A remote user can view attachments and tickets belonging to other users.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.cerberusweb.com/ (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Cerberus helpdesk

--===============1967149663==
Content-Type: multipart/alternative; 
	boundary="----=_Part_17037_4079956.1131094279524"

------=_Part_17037_4079956.1131094279524
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

hi,
I have found a vulnerability in cerberus helpdesk latest stable version,
caused by insufficient authentication checks and leads to access of files
submitted by other users.
If you open a ticket with an attachment, it can be viewed by an url like
this:
http://www.website.com/path-to-cerberus/attachment_send.php?file_id=3DXXXX&=
thread_id=3DYYYYYY
by changing XXXX leaving YYYYYY same, you can download other attacments and
tickets submitted by other users.
As this helpdesk is mostly used in hosting sites, and most of the users add
important details like username && password this vulnerability can lead to
serious issues.
regards,
cumhur onat

------=_Part_17037_4079956.1131094279524
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<span class=3D"gmail_quote"></span>hi,<br>
I have found a vulnerability in cerberus helpdesk latest stable
version, caused by insufficient authentication checks and leads to
access of files submitted by other users.<br>
If you open a ticket with an attachment, it can be viewed by an url like th=
is:<br>
<a href=3D"http://www.website.com/path-to-cerberus/attachment_send.php?file=
_id=3DXXXX&amp;thread_id=3DYYYYYY" target=3D"_blank" onclick=3D"return top.=
js.OpenExtLink(window,event,this)">http://www.website.com/path-to-cerberus/=
attachment_send.php?file_id=3DXXXX&amp;thread_id=3DYYYYYY
</a><br>
by changing XXXX leaving YYYYYY same, you can download other attacments and=
 tickets submitted by other users.<br>
As this helpdesk is mostly used in hosting sites, and most of the users
add important details like username &amp;&amp; password this
vulnerability can lead to serious issues.<br>
regards,<br><span class=3D"sg">
cumhur onat<br>

</span>

------=_Part_17037_4079956.1131094279524--

--===============1967149663==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============1967149663==--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC