CVE-2015-3001

SysAid Help Desk <15.2 - Auth Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3001. PoCs published by Pedro Ribeiro.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in SysAid Help Desk 14.4, including unauthenticated administrator account creation, file upload via directory traversal, arbitrary file download, path disclosure, hard-coded cryptographic key usage, and SQL injection. The PoC provides clear examples of how to exploit these vulnerabilities, with some leading to remote code execution.

Description

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

Exploits (1)

exploitdb WORKING POC
by Pedro Ribeiro · text · webapps · hardware
https://www.exploit-db.com/exploits/43885


Classification: Working PoC 95%
Attack Type: RCE | SQLi | Info Leak | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: SysAid Help Desk 14.4
No auth needed
Prerequisites: Network access to the target system
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/8
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535679/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75035

Scores

EPSS 0.0682
EPSS Percentile 93.2%

Details

CWE: CWE-255
Status: published
Products (1): sysaid/sysaid < 15.1
Published: Jun 08, 2015
Tracked Since: Feb 18, 2026