Vendor: PHP Support Tickets
By: ahmadbady
CVSS: 7.5 (HIGH)
Remote File Upload
CWE: N/A
Product Name: PHP Support Tickets
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: YES
Related CWE: N/A
CPE: a:phpsupporttickets:php_support_tickets
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PHP Support Tickets v2.2 Remote File Upload Vulnerability

PHP Support Tickets v2.2 is prone to a remote file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary PHP code and execute it in the context of the webserver process.

Mitigation:

Upgrade to the latest version of PHP Support Tickets.
Source

Exploit-DB raw data:

****(remote file upload)****

script: PHP_Support_Tickets_v2.2
   
***************************************************************************
download from:http://www.phpsupporttickets.com/modules/phpsupporttickets.com/dist/free/PHP_Support_Tickets_v2.2.zip
   
***************************************************************************
1:www.site.com/path/index.php?page=register

2:New Ticket

3:upload php file

shell www.site.com/path/upload/you user/phpst_ticket_number/shell.php
   
***************************************************


Author: ahmadbady 

my mail: kivi_hacker666@yahoo.com

***************************************************

# milw0rm.com [2008-12-11]
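
An added example, not part of the original advisory or the product's code: a Python audit that walks the upload layout shown above (upload/<user>/phpst_<ticket number>/) and flags ticket attachments that the web server could execute as PHP. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Extensions commonly mapped to the PHP handler (assumption; match your server config).
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Layout from the advisory: upload/<user>/phpst_<ticket number>/<file>
TICKET_DIR = re.compile(r"phpst_.+")

# Constructed sample attachments (not from the advisory), used by build_sample_tree().
SAMPLES = {
    "alice/phpst_1001/screenshot.png": b"\x89PNG\r\n\x1a\n",
    "bob/phpst_1002/shell.php": b"<?php /* constructed sample */ ?>",
    "bob/phpst_1003/notes.txt": b"pasted text\n<?PHP /* constructed */ ?>",
}


def is_suspicious(path):
    """Return a reason string if the attachment could run as PHP, else None."""
    # Check every dot-separated part: "x.php.jpg" can still reach the PHP
    # handler on servers that match extensions anywhere in the file name.
    if any(p in EXEC_EXT for p in path.name.lower().split(".")[1:]):
        return "executable extension"
    with path.open("rb") as fh:
        if b"<?php" in fh.read(4096).lower():
            return "PHP open tag in content"
    return None


def audit_upload_root(root):
    """Return sorted (relative path, reason) findings under <root>/<user>/phpst_*/."""
    root, findings = Path(root), []
    for ticket_dir in root.glob("*/*"):
        if not (ticket_dir.is_dir() and TICKET_DIR.fullmatch(ticket_dir.name)):
            continue
        for f in ticket_dir.rglob("*"):
            reason = is_suspicious(f) if f.is_file() else None
            if reason:
                findings.append((f.relative_to(root).as_posix(), reason))
    return sorted(findings)


def build_sample_tree(root):
    """Write the constructed SAMPLES under root so the audit can be tried offline."""
    for rel, data in SAMPLES.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
```

Call audit_upload_root() with the application's upload directory; each finding names the user and ticket directory that holds the file, which is where review should start.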