Vulnerability in Helpdesk software Hesk 0.92

s2b_at_hotmail.com
Date: 08/29/05

Next message: contact_at_webappsec.org: "WASC-Articles: 'Preventing Log Evasion in IIS'"

Previous message: gegegz_at_aol.com: "Re: unload event in ie/mozilla/opera"
Next in thread: not_at_given.com: "Re: Vulnerability in Helpdesk software Hesk 0.92"
Maybe reply: not_at_given.com: "Re: Vulnerability in Helpdesk software Hesk 0.92"
Reply: Thomas Krüger: "Re: Vulnerability in Helpdesk software Hesk 0.92"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 29 Aug 2005 12:26:14 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is) By The Name Of Allah

Vulnerability in Helpdesk software Hesk ..

Vulnerability Type : Login into The Administrator Menu With out Password

Injected version : Helpdesk software Hesk 0.92

Vulnerability Example

http://www.springporttwppd.com/helpdesk/

add : admin.php

http://www.springporttwppd.com/helpdesk/admin.php

Choose the username : administrator

Put any password in the password field

change the url to : admin_main.php

http://www.springporttwppd.com/helpdesk/admin_main.php

You Are Noe in the Administrator menu ..

Thx For : Devil-00 & ADBUCTER

Peace

Next message: contact_at_webappsec.org: "WASC-Articles: 'Preventing Log Evasion in IIS'"

Previous message: gegegz_at_aol.com: "Re: unload event in ie/mozilla/opera"
Next in thread: not_at_given.com: "Re: Vulnerability in Helpdesk software Hesk 0.92"
Maybe reply: not_at_given.com: "Re: Vulnerability in Helpdesk software Hesk 0.92"
Reply: Thomas Krüger: "Re: Vulnerability in Helpdesk software Hesk 0.92"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NEWS] Cisco Unified IP Conference Station and IP Phone Vulnerabilities
... Cisco Unified IP Conference Station and IP Phone Vulnerabilities ... Cisco Unified IP Conference Station Administrative Bypass Vulnerability ... password when a URL is accessed directly via the administrator HTTP ... This default user account may be leveraged to gain administrative access ...
(Securiteam)
Re: Vulnerability in Helpdesk software Hesk 0.92
... >Vulnerability Type: Login into The Administrator Menu With out Password ... The given site uses Basic HTTP Authentication. ... Connection: keep-alive ...
(Bugtraq)
Re: converting line input into columns
... At present it will be swallowed as part of 'Vulnerability Discussion'. ... Manual Fix Procedures ... Administrator Documentation ... II Using a privileged account to perform routine functions ...
(comp.lang.perl.misc)
Re: Virus/adware/spyware -- is there all-in-one protection in one program?
... > It's slightly paranoid, but short of a huge vulnerability in the OS, ... friends about - removing administrator access from possible exploit means ... I've used email clients from three different vendors that have, ...
(microsoft.public.security)
Re: Virus/adware/spyware -- is there all-in-one protection in one program?
... > It's slightly paranoid, but short of a huge vulnerability in the OS, ... friends about - removing administrator access from possible exploit means ... I've used email clients from three different vendors that have, ...
(microsoft.public.security.virus)