SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Help Desk Vendors:   helpdeskreloaded.com
Help Desk 'install.php' Script Grants Remote Users Administrative Access
SecurityTracker Alert ID:  1015307
SecurityTracker URL:  http://securitytracker.com/id/1015307
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 2 2005
Impact:   User access via network
Exploit Included:  Yes  

Description:   BiPi_HaCk of Nightmare TeAmZ reported a vulnerability in Help Desk. A remote user can gain administrative access to the application.

The software leaves the 'install.php' script in a web-accessible directory. A remote user can access this script at the following type of URL:

http://[target]/[path]/install.php

Then, the remote user can load 'accountsetup.php' and specify a username and password and then use those credentials to access the target application.

Impact:   A remote user can gain administrative access to the target application.
Solution:   No solution was available at the time of this entry.

As a workaround, the 'install.php' can be removed after installation.

Vendor URL:  www.helpdeskreloaded.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Free Help Desk Software Inject Admin Account

------------------------------------------------------
      Nightmare TeAmZ Advisory 018
------------------------------------------------------
Date -  11/2005
Free Help Desk Software Inject Admin Account


AFFECTED PRODUCTS
=================
Free Help Desk
http://www.helpdeskreloaded.com


Overview:
========
Free Help Desk Software by Help Desk Reloaded. Free web based PHP helpdesk 
software using a MySql database for true cross platform capability. This 
Help Desk Customer Support Tool is being used by profit and non-profit 
organizations globally. The Help Desk Software has been tested extensively 
on WinNT, Apple OS X Server, FreeBSD and Linux. End users create support 
tickets, help desk managers and technicians then login to the help desk and 
enter resolutions or search threw past calls. This free Help Desk Package 
includes an automatic install script minimizing your need to deal with MySQL 
directly. We have also just recently updated the software, so check our web 
site often for updates and new features added to this exciting free project. 
We have just added new sorting features to the help desk, and also the next 
page feature to help reduce clutter. Now with Email Notification support, 
and a better design interface. Now with support for web hosting using DB 
Prefixing. We have updated the user manager, and now support end user 
trouble ticket editing. We also just added search engine style trouble 
ticket lookup for tech's and admin's. This search feature also can be turned 
on or off for end users from the help desk control panel. We have also now 
added the option for end users to lookup their past tickets and upload files 
with tickets.


The Problem:
========
1) Go to www.[site].com/[path]/install.php
2)then go to: accountsetup.php
3) Chose your password and user name
4) And Login  :)


Solution:
========
1. Remove install.php :)


Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: http://www.NightmareSecurity.net

_________________________________________________________________
http://toolbar.msn.it/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC