exophpdesk_advisory.txt

2005-11-20T00:00:00
ID PACKETSTORM:41708
Type packetstorm
Reporter soulblack.com.ar
Modified 2005-11-20T00:00:00

Description

============================================================  
Title: ExoPHPDesk Multiple Remote Vulnerabilities  
Vulnerability discovery: SoulBlack - Security Research -  
http://soulblack.com.ar  
Date: 15/11/2005  
Severity: High. Remote Users Can Execute Arbitrary Code.  
Affected version: v1.2  
vendor: http://exoscripts.com/  
============================================================  
  
============================================================  
  
* Summary *  
  
ExoPHPDesk is a helpdesk written in PHP/SQL.
  
-------------------------------------------------------------  
  
* Problem Description *  
  
The default installation does not remove install.php.
1- Remote users can re-run the installer: install.php
2- Change the admin username and password: install.php?step=4
3- Access the admin system and edit the attachment configuration:
admin.php?action=configuration
4- Upload .php scripts: index.php?fn=ticket&type=add
5- Request [site]/[helpdesk]/[Attachment Dir]/[file].php
6- Execute commands or PHP code :).
  
-------------------------------------------------------------  
  
* Fix *  
  
1- Remove install.php.
  
----  
  
2- Refuse to run while install.php is still present (add this to the common include so every page checks it):

<?php

// Look next to this file rather than in the current working directory,
// so the check is correct no matter which script included it.
if (file_exists(dirname(__FILE__) . '/install.php')) {
    die('remove install.php o_O');
}

?>
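The two conditions the advisory chains (a reachable install.php and server-side scripts living in the attachment directory) can be audited from the file system. The following POSIX shell function is an added example, not part of the original advisory; it assumes the helpdesk web root and the attachment directory name (relative to that root) are passed as arguments, and returns the number of findings as its exit status so it can run from cron or a deployment check.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or the ExoPHPDesk project).
# Usage: audit_helpdesk <webroot> <attachment_dir>
# Exit status: 0 = nothing found, N = number of findings (capped by the shell at 255).
audit_helpdesk() {
    webroot=$1
    attach_dir=$2      # assumed to be relative to the web root, e.g. "attachments"
    findings=0

    # Condition 1: the installer is still deployed, so it can be re-run remotely.
    if [ -f "$webroot/install.php" ]; then
        echo "FINDING: $webroot/install.php is still present; remove it"
        findings=$((findings + 1))
    fi

    # Condition 2: PHP files under the attachment directory. If the web server
    # executes PHP in that path, any such file is remote code execution.
    if [ -d "$webroot/$attach_dir" ]; then
        scripts=$(find "$webroot/$attach_dir" -type f \
            \( -name '*.php' -o -name '*.phtml' -o -name '*.php3' \) | wc -l)
        if [ "$scripts" -gt 0 ]; then
            find "$webroot/$attach_dir" -type f \
                \( -name '*.php' -o -name '*.phtml' -o -name '*.php3' \) \
                -exec echo "FINDING: script in attachment dir: {}" \;
            findings=$((findings + scripts))
        fi
    fi

    return "$findings"
}
```

Disabling script execution for the attachment directory in the web server configuration is the durable fix; this check only tells you whether the preconditions are present.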
  
-------------------------------------------------------------  
  
* References *  
  
http://www.soulblack.com.ar/repo/papers/advisory/exophpdesk_advisory.txt  
  
-------------------------------------------------------------  
  
* Credits *  
  
Vulnerability reported by SoulBlack Security Research.  
  
============================================================  
  
--  
SoulBlack - Security Research  
http://www.soulblack.com.ar  
--  