nDesk Support Center - Ticket System has no input field filtering, so it's possible to inject a Stored XSS payload. The most useful vulnerable fields are Subject (for Tickets) and Name (for Category and Article). Plus, unauthorized posting isn't restricted, so the admin will 100% see your payload.

PoC #1 [Stored XSS] as guest: Go to the demo website http://demos.codeniner.com/ndesk/?route=dashboard and create a new ticket without registration/auth. The Subject field is good for your payload, for example test it with <script>alert('QUIXSS')</script>, fill in the other fields and submit the form. After that, your ticket with the payload inside the Subject field will be on the admin dashboard (you can check it by logging in with admin credentials: [email protected] / admin).

PoC #2 [Stored XSS] as user: Go to the demo website http://demos.codeniner.com/ndesk/?route=dashboard and pay attention to the registration form. You can use your payload inside the Your Name field, for example John<script>alert(document.cookie)</script>.

PoC #3 [Stored XSS] as admin: Go to the demo website http://demos.codeniner.com/ndesk/?route=dashboard and log in as admin. After that you will be able to use your payload in almost any input field you want: when creating a new ticket, new category or new article, etc.

PoC #4 [Reflected XSS]: http://demos.codeniner.com/ndesk/?q=%22%3E%3Cscript%3Ealert%28%27QUIXSS%27%29%3B%3C%2Fscript%3E&route=search
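
The fix for the missing filtering described above is output encoding at render time. The following is an added example, not code from the advisory or from nDesk: it puts the unencoded rendering pattern beside an encoded one and runs the advisory's own test strings through both. All function names and HTML templates are hypothetical, and it assumes the search term is reflected into a quoted attribute value.

```javascript
// Added example: output encoding for the fields named in the advisory.
// Function names and templates are hypothetical; nDesk's real code is not on the page.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unencoded pattern: the stored value is concatenated into markup unchanged.
function renderTicketRowUnsafe(ticket) {
  return `<tr><td>${ticket.subject}</td><td>${ticket.name}</td></tr>`;
}

// Hardened: every stored field is encoded when it is written into the page.
function renderTicketRow(ticket) {
  return `<tr><td>${escapeHtml(ticket.subject)}</td><td>${escapeHtml(ticket.name)}</td></tr>`;
}

// Hardened search box (assumed template): q lands inside a quoted attribute,
// so quote characters must be encoded as well as angle brackets.
function renderSearchBox(query) {
  return `<input type="text" name="q" value="${escapeHtml(query)}">`;
}

// Decode one parameter from a query string, as the server would before rendering.
function queryParam(queryString, name) {
  return new URLSearchParams(queryString).get(name) ?? '';
}

// Constructed sample records built from the test strings in the advisory.
const sampleTicket = {
  subject: "<script>alert('QUIXSS')</script>",
  name: 'John<script>alert(document.cookie)</script>',
};
const sampleQuery = queryParam(
  'q=%22%3E%3Cscript%3Ealert%28%27QUIXSS%27%29%3B%3C%2Fscript%3E&route=search', 'q');

console.log(renderTicketRowUnsafe(sampleTicket)); // markup still contains <script> elements
console.log(renderTicketRow(sampleTicket));       // tags are rendered as visible text
console.log(renderSearchBox(sampleQuery));        // the value attribute stays closed
```

Encoding belongs at output, in every template that prints Subject, Name or the search term, because the stored values can reach the admin dashboard from guest, user and admin forms alike.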