Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

freeHelpInject.txt

🗓️ 03 Dec 2005 00:00:00Reported by BiPi_HaCkType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 22 Views

Free Help Desk Software Injection vulnerability present in account setup pag

Code
`------------------------------------------------------  
Nightmare TeAmZ Advisory 018  
------------------------------------------------------  
Date - 11/2005  
Free Help Desk Software Inject Admin Account  
  
  
AFFECTED PRODUCTS  
=================  
Free Help Desk  
http://www.helpdeskreloaded.com  
  
  
Overview:  
========  
Free Help Desk Software by Help Desk Reloaded. Free web based PHP helpdesk   
software using a MySql database for true cross platform capability. This   
Help Desk Customer Support Tool is being used by profit and non-profit   
organizations globally. The Help Desk Software has been tested extensively   
on WinNT, Apple OS X Server, FreeBSD and Linux. End users create support   
tickets, help desk managers and technicians then login to the help desk and   
enter resolutions or search threw past calls. This free Help Desk Package   
includes an automatic install script minimizing your need to deal with MySQL   
directly. We have also just recently updated the software, so check our web   
site often for updates and new features added to this exciting free project.   
We have just added new sorting features to the help desk, and also the next   
page feature to help reduce clutter. Now with Email Notification support,   
and a better design interface. Now with support for web hosting using DB   
Prefixing. We have updated the user manager, and now support end user   
trouble ticket editing. We also just added search engine style trouble   
ticket lookup for tech's and admin's. This search feature also can be turned   
on or off for end users from the help desk control panel. We have also now   
added the option for end users to lookup their past tickets and upload files   
with tickets.  
  
  
The Problem:  
========  
1) Go to www.[site].com/[path]/install.php  
2)then go to: accountsetup.php  
3) Chose your password and user name  
4) And Login :)  
  
  
Solution:  
========  
1. Remove install.php :)  
  
  
Credits  
=======  
This vulnerability was discovered and researched by  
BiPi_HaCk of Nightmare TeAmZ  
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0  
Site: http://www.NightmareSecurity.net  
  
_________________________________________________________________  
Ricerche online più semplici e veloci con MSN Toolbar!   
http://toolbar.msn.it/  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Dec 2005 00:00Current
7.4High risk
Vulners AI Score7.4
free help deskinjectionvulnerabilityaccount setup
22