h2desk helpdesk path disclosure vulnerability

[joseph.giron13 () gmail com]

Heathco's h2desk helpdesk ticking system provides a ticketing solution for small and large organizations alike. Blah 
blah. 

On to the exploit. h2desk's session handling is custom and doesnt use the standard phpsession id handling. As a result, 
if you add a tic (') or any other invalid character to the session ID (stored within a cookie) you get a nice path 
disclosure.

Also, you can access the database dump utility without admin rights. helpdesk/index.php?pid=databasedump 
This can be used to dump the users table.

No patch, no fix. Have fun.