Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-3005. PoCs published by Rajesh Sethumadhavan.
AI-analyzed exploit summary
This exploit demonstrates an authentication bypass vulnerability in Hesk by manipulating the PHPSESSID cookie. It involves sending a POST request with arbitrary credentials and a random session ID, followed by a GET request to the admin panel using the same session ID to gain unauthorized access.
Description
Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie.