phphelpdesk version 0.6.16 (latest)

http://phphelpdesk.sourceforge.net


phphelpdesk Multiple vulnerabilities


PhpHelpDesk is a popular solution for people looking for a way to manage their 
helpdesk tickets.

Presently there exists 2 vulnerabilites that affect the inegrity of systems who 
run the software.

The first of which is a local file inclusuion vulnerability. Problem exists in 
the GET'd variable

whatdodo. Its supposed to point to a series of pages, but the filter fails to 
catch users going

outside the lines with a little trailing null bye. Here is an example:


http://helpdesk.example/index.php?whattodo=../../../../../../../../etc/passwd%00


Reading files seems bad, but not that bad. The second vulnerability in question 
is the SQL

Injection at the login page. Yes, the classic ' or 1=1/* injection still holds 
true in the

login procedures of this app. 


I've emailed the project dev on sourceforge and am awaiting a response. 


Happy hacking. 

Reply via email to