Yuri Goltsev - Security Researcher - Exploit Intelligence Platform

CVE-2011-5071 EXPLOITDB text WORKING POC

Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2011-5071 EXPLOITDB text WORKING POC

Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2011-5071 EXPLOITDB text WORKING POC

Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

View Code

CVE-2011-5071 EXPLOITDB text WRITEUP

Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

View Code

EIP-2026-108977 EXPLOITDB text WRITEUP

Kayako SupportSuite 3.x - Multiple Vulnerabilities

View Code

EIP-2026-105596 EXPLOITDB text WORKING POC

Boonex Dolphin 6.1 - 'get_list.php' SQL Injection

View Code