CVE-2009-2428

Tausch Ticket Script 3 - SQL Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-2428. PoCs published by Moudi.

AI-analyzed exploit summary: The exploit demonstrates a SQL injection vulnerability in Tausch Ticket Script by injecting malicious input into the 'descr' parameter of the 'vote.php' endpoint. This allows an attacker to manipulate SQL queries and potentially access or modify data in the underlying database.

Description

Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34810

The exploit demonstrates a SQL injection vulnerability in Tausch Ticket Script by injecting malicious input into the 'descr' parameter of the 'vote.php' endpoint. This allows an attacker to manipulate SQL queries and potentially access or modify data in the underlying database.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Tausch Ticket Script 3
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026

exploitdb WRITEUP VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/34809

The provided text describes a SQL injection vulnerability in Tausch Ticket Script 3, where the 'userid' parameter in 'suchauftraege_user.php' is not properly sanitized. It references a SecurityFocus BID but does not include functional exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Tausch Ticket Script 3
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1823
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35725

Scores

EPSS 0.0097
EPSS Percentile 57.2%

Details

CWE: CWE-89
Status: published
Products (1): tauschregal.de/tausch_ticket_script 3
Published: Jul 10, 2009
Tracked Since: Feb 18, 2026