SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!

SecurityTracker
Archives


Category:  Application (Generic)  >  Help Desk
Vendors:  helpdeskreloaded.com
Help Desk 'install.php' Script Grants Remote Users Administrative Access
SecurityTracker Alert ID:  1015307
SecurityTracker URL:  http://securitytracker.com/id?1015307
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Dec 2 2005
Impact:  User access via network
Exploit Included:  Yes  
Description:  BiPi_HaCk of Nightmare TeAmZ reported a vulnerability in Help Desk. A remote user can gain administrative access to the application.

The software leaves the 'install.php' script in a web-accessible directory. A remote user can access this script at the following type of URL:

http://[target]/[path]/install.php

The remote user can then load 'accountsetup.php', specify a username and password of their choosing, and use those credentials to access the target application.

Impact:  A remote user can gain administrative access to the target application.
Solution:  No solution was available at the time of this entry.

As a workaround, 'install.php' can be removed after installation.
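The entry above describes an installer script that stays reachable after setup and an account-setup script that accepts new credentials. As an added example (not part of the SecurityTracker entry or the advisory), the Python script below scans Apache combined-format access log lines for successful requests to 'install.php' or 'accountsetup.php' made after the application's install date, which is the evidence an administrator would want when checking whether the leftover script was actually used. The log lines, the install date and the function names are constructed for this example.

```python
import re
from datetime import datetime, timezone

# Scripts that should not be reachable once the help desk is installed
# (both named in the advisory).
INSTALLER_SCRIPTS = {"install.php", "accountsetup.php"}

# Apache combined log format: client, ident, user, [timestamp], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed install date for the sample deployment (assumption for the example).
INSTALLED_AT = datetime(2005, 11, 1, tzinfo=timezone.utc)

# Constructed sample log lines; addresses are from documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Dec/2005:17:20:01 +0100] "GET /helpdesk/index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2005:17:21:14 +0100] "GET /helpdesk/install.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [02/Dec/2005:17:21:40 +0100] "POST /helpdesk/accountsetup.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.3 - - [02/Dec/2005:17:25:00 +0100] "GET /helpdesk/install.php HTTP/1.1" 404 312 "-" "curl/7.15"
192.0.2.9 - - [02/Dec/2005:17:30:00 +0100] "GET /helpdesk/login.php HTTP/1.1" 200 1840 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict for one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["when"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string and directory: /helpdesk/install.php?x=1 -> install.php
    rec["script"] = rec["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
    return rec


def find_installer_hits(log_text, installed_at):
    """Successful (status < 400) requests to installer scripts made after installed_at."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["script"] not in INSTALLER_SCRIPTS:
            continue
        if rec["status"] >= 400:
            continue  # 404 and friends: the script was already gone, nothing to chase
        if rec["when"] <= installed_at:
            continue  # legitimate use of the installer during setup
        hits.append(rec)
    return hits


def clients_that_created_accounts(hits):
    """Client addresses that loaded install.php and then submitted accountsetup.php."""
    by_ip = {}
    for h in hits:
        by_ip.setdefault(h["ip"], []).append((h["method"], h["script"]))
    return sorted(
        ip for ip, reqs in by_ip.items()
        if ("GET", "install.php") in reqs and ("POST", "accountsetup.php") in reqs
    )


if __name__ == "__main__":
    found = find_installer_hits(SAMPLE_LOG, INSTALLED_AT)
    for h in found:
        print(f'{h["when"].isoformat()} {h["ip"]} {h["method"]} {h["script"]} -> {h["status"]}')
    print("clients to investigate:", clients_that_created_accounts(found))
```

A 404 for 'install.php' is treated as harmless because it shows the workaround (removing the script) was already in place; a 2xx or 3xx response after the install date is what warrants checking the application's user table for accounts nobody remembers creating.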

Vendor URL:  www.helpdeskreloaded.com/
Cause:  Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  "brian walter" <bipicciuti@hotmail.com>
Message History:   None.


 Source Message Contents

Date:  Fri, 02 Dec 2005 17:28:18 +0100
From:  "brian walter" <bipicciuti@hotmail.com>
Subject:  Free Help Desk Software Inject Admin Account

 
------------------------------------------------------
      Nightmare TeAmZ Advisory 018
------------------------------------------------------
Date -  11/2005
Free Help Desk Software Inject Admin Account
 
 
AFFECTED PRODUCTS
=================
Free Help Desk
http://www.helpdeskreloaded.com
 
 
Overview:
========
Free Help Desk Software by Help Desk Reloaded. Free web based PHP helpdesk 
software using a MySQL database for true cross platform capability. This 
Help Desk Customer Support Tool is being used by profit and non-profit 
organizations globally. The Help Desk Software has been tested extensively 
on WinNT, Apple OS X Server, FreeBSD and Linux. End users create support 
tickets, help desk managers and technicians then login to the help desk and 
enter resolutions or search through past calls. This free Help Desk Package 
includes an automatic install script minimizing your need to deal with MySQL 
directly. We have also just recently updated the software, so check our web 
site often for updates and new features added to this exciting free project. 
We have just added new sorting features to the help desk, and also the next 
page feature to help reduce clutter. Now with Email Notification support, 
and a better design interface. Now with support for web hosting using DB 
Prefixing. We have updated the user manager, and now support end user 
trouble ticket editing. We also just added search engine style trouble 
ticket lookup for techs and admins. This search feature also can be turned 
on or off for end users from the help desk control panel. We have also now 
added the option for end users to lookup their past tickets and upload files 
with tickets.
 
 
The Problem:
========
1) Go to www.[site].com/[path]/install.php
2) Then go to: accountsetup.php
3) Choose your password and user name
4) And login  :)
 
 
Solution:
========
1. Remove install.php :)
 
 
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: http://www.NightmareSecurity.net
 
 








Copyright 2005, SecurityGlobal.net LLC