################################################################################### RStickets! <= 1.0.0 - Remote Shell Upload Vulnerability # Author: Ibrahim Raafat # Twitter: https://twitter.com/RaafatSEC # Reported to vendor : 7 September 2014 # Response: 8 September 2014 -> RSTickets!" is no longer sold / developed # POC: Upload shell.php.zip from the form and the shell will be uploaded to the server on this path components/com_rstickets/files/ and it will be executable May be another versions are vulnerable also to the same vulnerability => XSS In name parameter of the form You can execute javascript " onmouseover=prompt(1)> ######################################################################################