lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri Nov 18 20:22:38 2005
From: group at soulblack.com.ar (group@...lblack.com.ar)
Subject: ExoPHPDesk is helpdesk written in PHP/SQL.


===========================================================

============================================================
Title: ExoPHPDesk Multiple Remote Vulnerabilities
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 15/11/2005
Severity: High. Remote Users Can Execute Arbitrary Code.
Affected version: v1.2
vendor: http://exoscripts.com/
============================================================

============================================================

* Summary *

ExoPHPDesk is helpdesk written in PHP/SQL.

-------------------------------------------------------------

* Problem Description *

Default installation dont remote install.php
1- Remote users can re-install script: install.php
2- Change admin username and password: install.php?step=4
3- Access to admin system, edit Attachment Configurations:
admin.php?action=configuration
4- Upload .php scripts: index.php?fn=ticket&type=add
5- Go to [site]/[helpdesk]/[Attachment Dir]/[file].php
6- Execute command or php code :).

-------------------------------------------------------------

* Fix *

1-Remove install.php.

----

2-

<?

if(file_exists('install.php')) {
die('remove install.php o_O');
}

?>

-------------------------------------------------------------

* References *

http://www.soulblack.com.ar/repo/papers/advisory/exophpdesk_advisory.txt

-------------------------------------------------------------

* Credits *

Vulnerability reported by SoulBlack Security Research.

============================================================

--
SoulBlack - Security Research
http://www.soulblack.com.ar
--
Soulblack Security Research
http://www.soulblack.com.ar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ