Re: Vulnerability in Helpdesk software Hesk 0.92

• Previous message: Andrew McCullough: "MS05-042 Security Update Problems"
• In reply to: s2b_at_hotmail.com: "Vulnerability in Helpdesk software Hesk 0.92"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Aug 2005 15:00:54 +0200
To: s2b@hotmail.com

s2b@hotmail.com schrieb:

>By The Name Of Allah
>
>Vulnerability in Helpdesk software Hesk ..
>
>Vulnerability Type : Login into The Administrator Menu With out Password
>
>Injected version : Helpdesk software Hesk 0.92
>
>Vulnerability Example
>
>http://www.springporttwppd.com/helpdesk/
>
>add : admin.php
>
>http://www.springporttwppd.com/helpdesk/admin.php
>
>Choose the username : administrator
>
>Put any password in the password field
>
>change the url to : admin_main.php
>
>http://www.springporttwppd.com/helpdesk/admin_main.php
>
>You Are Noe in the Administrator menu ..
>
>

Hi s2b,

sorry, but I can't confirm that. I can't get any access following your
instructions.

The given site uses Basic HTTP Authentication. Requests with this
authentication do not depend on the other. There is just the
Authentication header added.
Even manual alteration of the request did not give any result:

-------------->
$ telnet www.springporttwppd.com 80
Trying 67.18.224.74...
Connected to www.springporttwppd.com.
Escape character is '^]'.
GET /helpdesk/admin_main.php HTTP/1.1
Host: www.springporttwppd.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.10)
Gecko/20050809 Firefox/1.0.6
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: de,de-de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: UTF-8,*
Keep-Alive: 300
Connection: keep-alive
Authorization: Basic YWRtaW5pc3RyYXRvcjoxMjM0

HTTP/1.1 401 Authorization Required
Date: Tue, 30 Aug 2005 12:48:43 GMT
Server: Apache
WWW-Authenticate: Basic realm="Restricted Area"
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

24e
[...]
Connection closed by foreign host.
<--------------

Is it possible the effect is caused by your local or server setup (e.g.
browser cache, webserver authentication setup...)?

Thomas Krüger

• Previous message: Andrew McCullough: "MS05-042 Security Update Problems"
• In reply to: s2b_at_hotmail.com: "Vulnerability in Helpdesk software Hesk 0.92"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [NEWS] LDAP and VPN Vulnerabilities in PIX and ASA Appliances ... LDAP and VPN Vulnerabilities in PIX and ASA Appliances ... The Lightweight Directory Access Protocol authentication bypass ... Denial of Service in VPNs with Password Expiry ... LDAP Authentication Bypass Vulnerability ... (Securiteam) [NEWS] Multiple Vulnerabilities with Pingtel xpressa SIP Phones ... remote administrative configuration of the phone's settings. ... The Pingtel xpressa SIP-based phone ships with no administrator password, ... Requiring Authentication of Incoming Calls ... Altering the Behavior of the Web Server ... (Securiteam) RUS-CERT Advisory 2001-08:01 ... Vulnerabilities in several Apache authentication modules ... vulnerable to a remote SQL code injection attack. ... SQL statements or cause the database query for the password to return ... In the MySQL and Oracle cases, the impact of the vulnerability is ... (Bugtraq) [NT] Vulnerabilities in TCP/IP Allow Remote Code Execution and DoS (MS05-019) ... Validation, ICMP Connection Reset, ICMP Path MTU, TCP Connection Reset and ... An attacker who successfully exploited the most severe of these ... vulnerabilities could take complete control of an affected system. ... * ICMP Connection Reset Vulnerability - CAN-2004-0790 ... (Securiteam) Re: Is there malware on my Server? ... be exposing to the internet some means of authenticating to the server. ... Anonymous Access is checked and the login uses the ... Integrated Windows Authentication is checked. ... Administrador indicates hack attempts to log on with the Administrator ... (microsoft.public.windows.server.security)