CVE-2022-31890 PoC — Enhancesoft osTicket SQL注入漏洞

Source

https://github.com/reewardius/CVE-2022-31890

Associated Vulnerability

Title:Enhancesoft osTicket SQL注入漏洞 (CVE-2022-31890)
Description:Enhancesoft osTicket是美国Enhancesoft公司的一套开源的票务系统。 osTicket osTicket-plugins存在安全漏洞，该漏洞源于存在SQL注入漏洞。

Readme

# CVE-2022-31890 for osTicket | Support Ticketing System

Nickname:
```
> python nickname.py
# The output of the first nickname in the table.
```
Password:
```
> python password.py
# The output of the first password in the table.
```
Output to file:
```
> python dumpFile.py
> cat dump.txt || {{nickname}}::{{password}}
```
Output to console:
```
> python dumpConsole.py
# Output to console || {{nickname}}::{{password}}
```

File Snapshot


 [4.0K]  /data/pocs/d2fed15de82ca26c446e3aeb70fe249e826550b5
├── [1.7K]  dumpConsole.py
├── [1.9K]  dumpFile.py
├── [ 700]  letter.py
├── [ 886]  nickname.py
├── [ 886]  password.py
└── [ 425]  README.md

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!