PHD Help Desk
Author | Messages
Donnieclark

Registered: 02.11.2017
Messages: 1

04.11.2017 - 12:53: PHD Help Desk 2.12 - SQLi/XSS

PHD Help Desk is a help desk application used for managing help tickets in corporate/enterprise environments. The latest version (2.12) is vulnerable to, well, quite a few instances of SQLi and XSS. I’ll try and go through a couple, but there are so many it’s sort of embarrassing, and none of them are at all complex. The software is clocking ~200 downloads/week on Sourceforge, and no telling how many off their website, so it’s definitely still out there somewhere. These issues have been disclosed to the vendor and a generous amount of time to fix them has since passed.

This doesn’t even really try to sanitize anything. strip_tags is used to remove HTML and PHP tags from a string, and trim strips whitespace; what? It pulls out the username, checks it in the database, then pulls the password, md5’s it, and checks that in the database. Plenty of opportunity for SQLi, but no way to get around the login screen with a simple ' OR '1=1, due to the final query using the md5 of the password. We could use a malicious username and comment that out, but then the first query would fail. So instead, we’ll just use the username to run malicious queries.



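The login flow the post describes (strip_tags/trim on input, two string-built queries, md5 of the password), rewritten the way it should have been done. This is an added example, not PHD Help Desk's code; it assumes PHP with PDO and the pdo_sqlite driver, and a hypothetical `users(username, password_hash)` table standing in for the application's schema.

```php
<?php
// Added example (not PHD Help Desk's code). Hardened version of the login pattern
// the post describes: one parameterized lookup instead of string-built queries, and
// a salted, slow password hash instead of md5. Assumes pdo_sqlite is available and a
// hypothetical users(username, password_hash) table.

function db(): PDO {
    $pdo = new PDO('sqlite::memory:');           // stand-in for the app's real DB connection
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $st = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $st->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// strip_tags() and trim() are HTML/whitespace helpers; they do nothing for SQL
// metacharacters. The only thing that keeps user input out of the SQL grammar is a
// bound parameter, so the raw username is passed through as data, never concatenated.
function login(PDO $pdo, string $username, string $password): bool {
    $st = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $st->bindValue(':u', $username, PDO::PARAM_STR);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user is unknown, so response time does
    // not reveal which usernames exist (the original two-query design leaked this).
    $hash = $row['password_hash'] ?? password_hash('', PASSWORD_DEFAULT);
    $ok = password_verify($password, $hash);
    return $row !== false && $ok;
}

// The XSS half of the report: escape at output time, where the context is known.
// strip_tags() on input is not a substitute for this.
function render_name(string $username): string {
    return htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$pdo = db();
var_dump(login($pdo, 'alice', 'correct horse'));   // valid credentials
var_dump(login($pdo, 'alice', 'wrong'));           // wrong password
var_dump(login($pdo, "o'hara", 'x'));              // quote in username is just data
echo render_name('<b>alice</b>'), "\n";            // tags rendered inert
```

The third login call is the point of the example: a username containing a quote neither breaks the query nor changes its meaning, which is exactly what the original strip_tags/trim step failed to guarantee.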