|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] Cerberus helpdesk
From: cumhur onat (cumhuronat
gmail.com)
Date: Fri Nov 04 2005 - 02:51:19 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hi,
I have found a vulnerability in cerberus helpdesk latest stable version,
caused by insufficient authentication checks and leads to access of files
submitted by other users.
If you open a ticket with an attachment, it can be viewed by an url like
this:
http://www.website.com/path-to-cerberus/attachment_send.php?file_id=XXXX&thread_id=YYYYYY
by changing XXXX leaving YYYYYY same, you can download other attacments and
tickets submitted by other users.
As this helpdesk is mostly used in hosting sites, and most of the users add
important details like username && password this vulnerability can lead to
serious issues.
regards,
cumhur onat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]