###################################################################################

RStickets!  <= 1.0.0 - Remote Shell Upload Vulnerability
 
# Author: Ibrahim Raafat
# Twitter: https://twitter.com/RaafatSEC
# Reported to vendor : 7 September 2014
# Response: 8 September 2014 -> RSTickets!" is no longer sold / developed 
 
# POC:

Upload shell.php.zip from the form and the shell will be uploaded to the server on this path

components/com_rstickets/files/

and it will be executable

May be another versions are vulnerable also to the same vulnerability


=> XSS In name parameter of the form  You can execute javascript

" onmouseover=prompt(1)> 
######################################################################################