info
discussion
exploit
solution
references
OSTicket Multiple Input Validation Vulnerabilities
No exploit is required.
The following proof of concept is available for the file-include issue:
http://www.example.com/osticket/view.php?inc=x
Privacy Statement
Copyright 2010, SecurityFocus
