Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-18486 PoC — Jitbit Software Helpdesk 安全特征问题漏洞

Source
https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass
Associated Vulnerability
Title:Jitbit Software Helpdesk 安全特征问题漏洞 (CVE-2017-18486)
Description:Jitbit Software Helpdesk是英国Jitbit Software公司的一套服务台票务系统。 Jitbit Software Helpdesk 9.0.3之前版本中存在安全特征问题漏洞,该漏洞源于程序没有正确处理‘userHash’参数。远程攻击者可通过伪造其他用户的令牌利用该漏洞提升权限。
Description
Utility to derive the shared secret on a JitBit Helpdesk install which can be used for authentication bypass (CVE-2017-18486)
File Snapshot

 [4.0K]  /data/pocs/f2ce18c16de4f3bd3b08f54031b9da1d922795de
├── [4.0K]  SecretBuster
│   ├── [ 184]  App.config
│   ├── [3.4K]  Program.cs
│   ├── [4.0K]  Properties
│   │   └── [1.4K]  AssemblyInfo.cs
│   └── [2.3K]  SecretBuster.csproj
└── [ 981]  SecretBuster.sln

2 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.