From: michaeltone1975 <mic...@te...> - 2003-04-05 08:41:22
hi; a couple of things:

1) although all attempts to segregate the users/companies, it is still possible to view every ticket in the database even if it's for another company.. this is with a user that only has access to add jobs.. this is done by simply changing the t_id=n env var ie:

http://example.com/phphelpdesk/index.php?whattodo=viewjobs&lstChooseCompany[0]=other1&t_id=22
http://example.com/phphelpdesk/index.php?whattodo=viewjobs&lstChooseCompany[0]=other2&t_id=20

2) there exists an xss in the search function, simply disable the displaying of the 'you searched for':

line 17 of scripts/search.scp.php
Search Results <!-- for "<? echo "$searchText"; ?>" -->

3) it's possible to view all jobs/tickets via the search page.. simply [heh] disable the search functionality for users altogether

line 24+25 of config/whattodo_items.conf.php, simply hash em out:
//print "<a href=\"$g_base_url/index.php?whattodo=search\">";
//print "$l_search</a>\n";

the script will still be accessible, thus either restrict access to /scripts/search.scp.php via mod_access or simply restrict access to it totally chmod 0000 ...

i will submit a patch (unless major major restructure needed) to combat the t_id=x major issue... now i will audit the code ;)
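An added illustration of the fixes the report calls for, not code from phphelpdesk or from the poster's patch: the viewjobs and search paths are tied to the company of the logged-in user, and the echoed search term is HTML-escaped instead of printed raw. The table name, column names and session key are assumptions.

```php
<?php
// Added example, not phphelpdesk's own code. Assumed schema and session layout:
// tickets(t_id, company_id, subject); caller's company in $_SESSION['company_id'].

// Escape a value for HTML output (replaces the raw echo of $searchText).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// True only if the ticket belongs to the caller's company. A t_id from another
// company is indistinguishable from a ticket that does not exist.
function ticketVisibleToUser(PDO $db, int $t_id, int $company_id): bool {
    $stmt = $db->prepare('SELECT 1 FROM tickets WHERE t_id = :t AND company_id = :c');
    $stmt->execute([':t' => $t_id, ':c' => $company_id]);
    return $stmt->fetchColumn() !== false;
}

function viewJob(PDO $db): void {
    if (empty($_SESSION['company_id'])) {
        http_response_code(403);
        exit('Not logged in');
    }
    // FILTER_VALIDATE_INT rejects non-numeric t_id values outright.
    $t_id = filter_input(INPUT_GET, 't_id', FILTER_VALIDATE_INT);
    if ($t_id === false || $t_id === null
        || !ticketVisibleToUser($db, $t_id, (int)$_SESSION['company_id'])) {
        http_response_code(404);
        exit('No such ticket');
    }
    // ... render the ticket here; it is known to belong to the caller's company.
}

// Search scoped to the caller's company, so the search page cannot be used to
// enumerate every ticket in the database. LIKE metacharacters are escaped too.
function searchTickets(PDO $db, string $searchText, int $company_id): array {
    $pattern = '%' . addcslashes($searchText, '%_\\') . '%';
    $stmt = $db->prepare(
        "SELECT t_id, subject FROM tickets
         WHERE company_id = :c AND subject LIKE :q ESCAPE '\\'");
    $stmt->execute([':c' => $company_id, ':q' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The "you searched for" line, with the term escaped rather than echoed raw.
function searchHeading(string $searchText): string {
    return 'Search Results for "' . h($searchText) . '"';
}
```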