osTicket XSS


Postby TheVikingsofDW » Sat Feb 03, 2024 1:19 am

Vendor of the product(s): Enhancesoft

Product Name: osTicket
(https://github.com/osTicket/osTicket/releases)

Version: v1.17.2

Affected component(s): Role "Name" Field

Attack vector(s): Local

Vulnerability Name: Stored Cross-Site Scripting (XSS)

Attack Type: Persistent/Stored

INTRODUCTION
Cross-Site Scripting (XSS) attacks represent a form of injection where malicious scripts infiltrate otherwise benign and trusted websites. XSS attacks occur when an attacker employs a web application to transmit malicious code, typically in the form of a browser-side script, to a different end user. Vulnerabilities that facilitate these attacks are widespread and arise whenever a web application incorporates user input into the generated output without proper validation or encoding. In a Stored XSS attack, the vulnerable application receives user-supplied input from untrusted sources and retains it. Subsequently, this malicious content becomes part of the HTTP responses sent by the server.

Description: The osTicket Admin Panel allows administrators to add Roles. The "Name" field of a new Role is not properly sanitized, so an attacker with access to the Admin Panel can store malicious JavaScript in it. The injected code executes whenever the vulnerable page is viewed by any user, and it persists in the application.

Impact: Stored XSS attacks can result in severe consequences, including theft of sensitive data, alteration of web page content, or redirection of users to malicious sites.

METHOD OF EXPLOITATION
1. Navigate to the GitHub releases page of osTicket and download v1.17.2 (https://github.com/osTicket/osTicket/releases). Install and set up osTicket on the local system using XAMPP.
2. Visit the Admin Panel and log in to the application with valid credentials.
3. In the Admin Panel, navigate to the "Roles" tab.
4. Click on "Add New Role" and insert the payload (<xonmouseover=alert(document.cookie)>hoverthis!) into the "Name" field. Ensure that some permissions are also assigned to the new role before saving it.
5. Click on "Add Role" to save the details.
6. Hover over the newly added role, and it is observed that the injected payload executes successfully. It is important to note that the payload will persist in the application and trigger whenever a user interacts with the page.
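The root cause described above is a stored value written into HTML without encoding. As an added example (not osTicket's own code), the Python below shows the vulnerable rendering pattern beside its encoded form, plus an audit helper a defender can run over stored role names to find ones that contain markup or inline event handlers; the sample role names are constructed.

```python
import html
import re

# Constructed sample of stored role names, shaped like what an administrator
# might find in the roles table after the issue above (not real data).
STORED_ROLE_NAMES = [
    "Support Agent",
    "Tier 2 <Escalations>",            # markup, but no event handler
    "<x onmouseover=alert(document.cookie)>hoverthis!",  # payload shape from the report
]

# Anything that looks like a tag, or an inline "on...=" event handler.
MARKUP_RE = re.compile(r"<[^>]*>")
EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)


def render_role_row_unsafe(name: str) -> str:
    """Vulnerable pattern: the stored name is concatenated straight into HTML,
    so the browser parses any tags and event handlers it contains."""
    return f"<td>{name}</td>"


def render_role_row(name: str) -> str:
    """Hardened pattern: HTML-encode on output, so markup in the stored name is
    displayed literally instead of being executed."""
    return f"<td>{html.escape(name, quote=True)}</td>"


def audit_role_names(names):
    """Return stored names containing markup or an inline event handler, so an
    administrator can review and clean them after patching."""
    return [n for n in names if MARKUP_RE.search(n) or EVENT_HANDLER_RE.search(n)]


if __name__ == "__main__":
    for role in STORED_ROLE_NAMES:
        print(render_role_row(role))
    print("needs review:", audit_role_names(STORED_ROLE_NAMES))
```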
