nDesk Support Center - Ticket System v1.4 Multiple XSS Injection

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040137

Below is a copy:

nDesk Support Center - Ticket System v1.4 Multiple XSS Injection
nDesk Support Center - Ticket System has no input field filtering, so it's possible to inject a Stored XSS payload. The most useful vulnerable fields are Subject (for Tickets) and Name (for Category and Article). Plus, unauthorized posting isn't restricted, so admin 100% will see your payload.

PoC #1 [Stored XSS] as guest: Go to the demo website http://demos.codeniner.com/ndesk/?route=dashboard and create a new ticket without registration/auth. The Subject field is good for your payload, e.g. test it with <script>alert('QUIXSS')</script>, fill in the other fields and submit the form. After that, your ticket with the payload inside the Subject field will be in the admin dashboard (you can check it by logging in with admin credentials: [email protected] / admin).

PoC #2 [Stored XSS] as user: Go to the demo website http://demos.codeniner.com/ndesk/?route=dashboard and pay attention to the registration form. You can use your payload inside the Your Name field, e.g. John<script>alert(document.cookie)</script>.

PoC #3 [Stored XSS] as admin: Go to the demo website http://demos.codeniner.com/ndesk/?route=dashboard and log in as admin. After that you will be able to use your payload in almost any input field you want: when creating a new ticket, a new category, a new article, etc.

PoC #4 [Reflected XSS]: http://demos.codeniner.com/ndesk/?q=%22%3E%3Cscript%3Ealert%28%27QUIXSS%27%29%3B%3C%2Fscript%3E&route=search
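
The root cause of all four findings is that user-supplied values reach the page without HTML encoding. The following is an added example, not nDesk code and not part of the advisory: it renders a hypothetical dashboard row and search box with and without output encoding and lets an HTML parser report which elements result. The templates and function names are assumptions; the inputs are the strings quoted above.

```python
# Added example, not nDesk code: templates and function names are hypothetical.
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Inputs: the strings quoted in the advisory, embedded here as test data.
SUBJECT = "<script>alert('QUIXSS')</script>"
NAME = "John<script>alert(document.cookie)</script>"
QUERY = ("q=%22%3E%3Cscript%3Ealert%28%27QUIXSS%27%29%3B"
         "%3C%2Fscript%3E&route=search")

def render_unsafe(subject, name, q):
    """Before: stored and reflected values are concatenated into markup."""
    return (f'<tr><td>{subject}</td><td>{name}</td></tr>'
            f'<input name="q" value="{q}">')

def render_safe(subject, name, q):
    """After: every value is HTML-encoded at output time.
    quote=True also encodes " and ', which the value="..." attribute needs."""
    return (f'<tr><td>{escape(subject, quote=True)}</td>'
            f'<td>{escape(name, quote=True)}</td></tr>'
            f'<input name="q" value="{escape(q, quote=True)}">')

class TagCollector(HTMLParser):
    """Records the start tags an HTML parser finds in the rendered output."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    """Return the list of element names present in the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def search_term(query):
    """Decode the q parameter as the server would receive it."""
    return parse_qs(query)["q"][0]

if __name__ == "__main__":
    q = search_term(QUERY)
    print("unsafe:", tags_in(render_unsafe(SUBJECT, NAME, q)))
    print("safe:  ", tags_in(render_safe(SUBJECT, NAME, q)))
```

The same parser check works as a regression test: any template change that lets a `script` element appear from these inputs fails it.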
