Lucene search
Talat MehmoodPACKETSTORM:160995HistoryJan 19, 2021 - 12:00 a.m.
osTicket 1.14.2 Server-Side Request Forgery
2021-01-1900:00:00
Talat Mehmood
packetstormsecurity.com
104
0.736 High
EPSS
Percentile
98.1%
`# Exploit Title: osTicket 1.14.2 - SSRF
# Date: 18-01-2021
# Exploit Author: Talat Mehmood
# Vendor Homepage: https://osticket.com/
# Software Link: https://osticket.com/download/
# Version: <1.14.3
# Tested on: Linux
# CVE : CVE-2020-24881
osTicket before 1.14.3 suffers from Server Side Request Forgery [SSRF]. HTML page is rendered on backend server on calling "Print" ticket functionality.
Below are the steps to reproduce this vulnerability:
1. Create a new ticket
2. Select "HTML Format" format.
3. Add an image tag with your payload in src attribute i.e. "<img src=https://mymaliciouswebsite.com">
4. After submitting this comment, print this ticket.
5. You'll receive a hit on your malicious website from the internal server on which osTicket is deployed.
For more details, read my following blog:
https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0
https://nvd.nist.gov/vuln/detail/CVE-2020-24881
`
Related
huntr
huntr
Server-Side Request Forgery (SSRF) in osticket/osticket
2021-09-19 17:30:41
nvd
nvd
CVE-2020-24881
2020-11-02 21:15:26
prion
prion
Server side request forgery (ssrf)
2020-11-02 21:15:00
osv
osv
CVE-2020-24881
2020-11-02 21:15:26
cvelist
cvelist
CVE-2020-24881
2020-11-02 14:42:36
cve
cve
CVE-2020-24881
2020-11-02 21:15:26
exploitdb
exploitdb
osTicket 1.14.2 - SSRF
2021-01-19 00:00:00
openvas
openvas
osTicket < 1.14.3 Multiple Vulnerabilities
2020-08-31 00:00:00