List: full-disclosure
Subject: [Full-disclosure] Cerberus helpdesk
From: cumhur onat <cumhuronat () gmail ! com>
Date: 2005-11-04 8:51:19
Message-ID: ab92512d0511040051u9de5524ne1fc859c7f9991ad () mail ! gmail ! com
Hi,
I have found a vulnerability in Cerberus Helpdesk latest stable version,
caused by insufficient authentication checks, which leads to access to files
submitted by other users.
If you open a ticket with an attachment, it can be viewed by a URL like
this:
http://www.website.com/path-to-cerberus/attachment_send.php?file_id=XXXX&thread_id=YYYYYY
By changing XXXX and leaving YYYYYY the same, you can download other attachments and
tickets submitted by other users.
As this helpdesk is mostly used on hosting sites, and most of the users add
important details like username && password, this vulnerability can lead to
serious issues.
Regards,
cumhur onat
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
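
Added example, not part of the original message and not Cerberus Helpdesk code: a Python model of the missing access check the report describes, next to a handler that ties file_id to thread_id and to the requester. The sample data, the function names and the assumption that only the thread was checked are illustrative.

```python
# Constructed sample data: two customers, one ticket thread and one attachment each.
THREADS = {          # thread_id -> owning user
    500001: "alice",
    500002: "bob",
}
ATTACHMENTS = {      # file_id -> (thread_id, filename)
    1001: (500001, "alice-ftp-login.txt"),
    1002: (500002, "bob-invoice.pdf"),
}


class Forbidden(Exception):
    """Raised when the requester may not read the attachment."""


def send_attachment_flawed(user, file_id, thread_id):
    # Assumed model of the reported flaw: only the thread is checked against
    # the requester; file_id is then fetched without being tied to that thread.
    if THREADS.get(thread_id) != user:
        raise Forbidden("not your thread")
    return ATTACHMENTS[file_id][1]


def send_attachment_checked(user, file_id, thread_id, staff=frozenset()):
    # Resolve the attachment first, then authorize against its own thread.
    record = ATTACHMENTS.get(file_id)
    if record is None:
        raise Forbidden("no such attachment")
    owning_thread, filename = record
    # The file must belong to the thread named in the request...
    if owning_thread != thread_id:
        raise Forbidden("attachment is not part of this thread")
    # ...and the requester must own that thread or be helpdesk staff.
    if user not in staff and THREADS.get(owning_thread) != user:
        raise Forbidden("not your thread")
    return filename


def can_read(handler, user, file_id, thread_id):
    """True if handler serves the file, False if it refuses."""
    try:
        handler(user, file_id, thread_id)
        return True
    except Forbidden:
        return False
```

Both refusal paths raise the same exception type, so a caller mapping it to one HTTP status does not reveal which file_id values exist.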