Full Disclosure mailing list archives
ExoPHPDesk is a helpdesk written in PHP/SQL.
From: "group () soulblack com ar" <group () soulblack com ar>
Date: Fri, 18 Nov 2005 19:21:14 -0300
============================================================
Title: ExoPHPDesk Multiple Remote Vulnerabilities
Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar
Date: 15/11/2005
Severity: High. Remote users can execute arbitrary code.
Affected version: v1.2
Vendor: http://exoscripts.com/
============================================================

* Summary *

ExoPHPDesk is a helpdesk written in PHP/SQL.

-------------------------------------------------------------

* Problem Description *

The default installation does not remove install.php, so:

1- Remote users can re-install the script: install.php
2- Change the admin username and password: install.php?step=4
3- Access the admin system and edit the Attachment Configuration: admin.php?action=configuration
4- Upload .php scripts: index.php?fn=ticket&type=add
5- Go to [site]/[helpdesk]/[Attachment Dir]/[file].php
6- Execute commands or PHP code :).

-------------------------------------------------------------

* Fix *

1- Remove install.php.

----

2- Or add this check to the script:

    <?php
    // Refuse to run while the installer is still present.
    if (file_exists('install.php')) {
        die('remove install.php o_O');
    }
    ?>

-------------------------------------------------------------

* References *

http://www.soulblack.com.ar/repo/papers/advisory/exophpdesk_advisory.txt

-------------------------------------------------------------

* Credits *

Vulnerability reported by SoulBlack Security Research.

============================================================

--
SoulBlack - Security Research
http://www.soulblack.com.ar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
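The advisory's chain depends on two independent weaknesses: an installer that can be re-run after installation, and an attachment configuration that can be edited to accept .php uploads. The following PHP is an added example written for this page; it is not ExoPHPDesk's code nor the advisory author's, and the file paths (install.lock, the application root), the function names and the extension allowlist are assumptions for illustration. It shows the advisory's own "refuse to run if install.php exists" check with an explicit path, a lock file that stops the installer from being re-run, and an upload-name allowlist that is not controlled by an admin-editable setting.

```php
<?php
// Added example (not ExoPHPDesk's own code): defensive checks for the two
// weaknesses the advisory chains together. Paths, file names and the
// $allowedExtensions list are assumptions for illustration.

// 1. Refuse to serve the application while the installer is still present.
//    This is the advisory's fix, with an explicit root so it works
//    regardless of the current working directory.
function installerStillPresent(string $appRoot): bool
{
    return file_exists($appRoot . DIRECTORY_SEPARATOR . 'install.php');
}

// 2. Make the installer itself refuse to run again once installation is
//    complete. Step 1 of the advisory works because install.php can be
//    re-run; a lock file written at the end of the first run closes that.
function installationLocked(string $appRoot): bool
{
    return file_exists($appRoot . DIRECTORY_SEPARATOR . 'install.lock');
}

function writeInstallLock(string $appRoot): void
{
    // Assumed lock location; the installer would call this as its last step.
    file_put_contents($appRoot . DIRECTORY_SEPARATOR . 'install.lock', date('c'));
}

// 3. Validate attachment uploads against a fixed allowlist instead of an
//    admin-editable configuration that can be changed to permit .php.
//    Only the final extension counts and it is compared in lowercase, so
//    "shell.PHP" and "image.jpg.php" are both rejected.
function attachmentNameIsAllowed(string $originalName, array $allowedExtensions): bool
{
    $base = basename($originalName);            // drop any directory component
    if ($base === '' || $base[0] === '.') {     // no empty or hidden names
        return false;
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowedExtensions, true);
}

// Usage sketch for the front controller (index.php / admin.php).
$appRoot = __DIR__;   // assumption: this file lives in the helpdesk root
if (installerStillPresent($appRoot)) {
    http_response_code(503);
    die('install.php is still present; remove it before using the helpdesk.');
}

// Usage sketch for the top of install.php itself.
if (installationLocked($appRoot)) {
    http_response_code(403);
    die('Installation already completed; delete install.lock to re-run.');
}

// Constructed allowlist and sample upload names to exercise the check.
$allowedExtensions = ['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'];
$sampleNames = ['report.pdf', 'shell.php', 'shell.PHP', 'image.jpg.php', '.htaccess', 'note.txt'];
foreach ($sampleNames as $name) {
    printf("%-16s %s\n", $name,
        attachmentNameIsAllowed($name, $allowedExtensions) ? 'accepted' : 'rejected');
}
```

The allowlist check should be paired with storing uploads under a server-generated name in a directory that is either outside the web root or configured so the web server never executes scripts from it; an extension check alone does not protect against a later change to the server's handler mapping.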