Full Disclosure mailing list archives
Cerberus helpdesk
From: cumhur onat <cumhuronat () gmail com>
Date: Fri, 4 Nov 2005 10:51:19 +0200
hi, I have found a vulnerability in cerberus helpdesk latest stable version, caused by insufficient authentication checks and leads to access of files submitted by other users. If you open a ticket with an attachment, it can be viewed by an url like this: http://www.website.com/path-to-cerberus/attachment_send.php?file_id=XXXX&thread_id=YYYYYY by changing XXXX leaving YYYYYY same, you can download other attacments and tickets submitted by other users. As this helpdesk is mostly used in hosting sites, and most of the users add important details like username && password this vulnerability can lead to serious issues. regards, cumhur onat
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cerberus helpdesk cumhur onat (Nov 04)