AOH :: HP Unsorted H :: BX2183.HTM

h2desk helpdesk path disclosure vulnerability



h2desk helpdesk path disclosure vulnerability
h2desk helpdesk path disclosure vulnerability



Heathco's h2desk helpdesk ticking system provides a ticketing solution for small and large organizations alike. Blah blah.

On to the exploit. h2desk's session handling is custom and doesnt use the standard phpsession id handling. As a result, if you add a tic (') or any other invalid character to the session ID (stored within a cookie) you get a nice path disclosure.

Also, you can access the database dump utility without admin rights. helpdesk/index.php?pid=databasedump
This can be used to dump the users table.

No patch, no fix. Have fun.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.