It appears that the Free Help Desk software by Help Desk Reloaded leaves the install.php file in place post installation, allowing remote attackers to create accounts without any authentication or access.
804b6bf95c701fc3e436588dcb9bb2b6c18779f0bb612923c56a2ad5eb75b375
------------------------------------------------------
Nightmare TeAmZ Advisory 018
------------------------------------------------------
Date - 11/2005
Free Help Desk Software Inject Admin Account
AFFECTED PRODUCTS
=================
Free Help Desk
https://www.helpdeskreloaded.com
Overview:
========
Free Help Desk Software by Help Desk Reloaded. Free web based PHP helpdesk
software using a MySql database for true cross platform capability. This
Help Desk Customer Support Tool is being used by profit and non-profit
organizations globally. The Help Desk Software has been tested extensively
on WinNT, Apple OS X Server, FreeBSD and Linux. End users create support
tickets, help desk managers and technicians then login to the help desk and
enter resolutions or search threw past calls. This free Help Desk Package
includes an automatic install script minimizing your need to deal with MySQL
directly. We have also just recently updated the software, so check our web
site often for updates and new features added to this exciting free project.
We have just added new sorting features to the help desk, and also the next
page feature to help reduce clutter. Now with Email Notification support,
and a better design interface. Now with support for web hosting using DB
Prefixing. We have updated the user manager, and now support end user
trouble ticket editing. We also just added search engine style trouble
ticket lookup for tech's and admin's. This search feature also can be turned
on or off for end users from the help desk control panel. We have also now
added the option for end users to lookup their past tickets and upload files
with tickets.
The Problem:
========
1) Go to www.[site].com/[path]/install.php
2)then go to: accountsetup.php
3) Chose your password and user name
4) And Login :)
Solution:
========
1. Remove install.php :)
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: https://www.NightmareSecurity.net
_________________________________________________________________
Ricerche online piĆ¹ semplici e veloci con MSN Toolbar!
https://toolbar.msn.it/