Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJesper JurcenoksPACKETSTORM:57336
HistoryJun 29, 2007 - 12:00 a.m.

eticket-xss.txt

2007-06-2900:00:00
Jesper Jurcenoks
packetstormsecurity.com
27

0.01 Low

EPSS

Percentile

82.1%

JSON
` netVigilance Security Advisory #31  
  
eTicket version 1.5.5 XSS Attack Vulnerability   
Description:  
eTicket is an electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3 or pipe) and a web-based form, as well as manage them using a web interface.  
  
Successful exploitation requires PHP register_globals set to On.  
External References:   
Mitre CVE: CVE-2007-2801  
NVD NIST: CVE-2007-2801  
OSVDB: 34786  
  
Summary:   
eTicket is an electronic (open source) support ticket system based on osTicket.  
Security problem in the product allows attackers to conduct XSS attacks.  
  
Advisory URL:   
http://www.netvigilance.com/advisory0031  
Release Date:  
06/27/2007  
  
Severity:  
Risk: Medium  
  
CVSS Metrics:  
Access Vector: Remote  
Access Complexity: High  
Authentication: Not-required  
Confidentiality Impact: Partial  
Integrity Impact: Partial  
Availability Impact: Partial   
Impact Bias: Normal  
CVSS Base Score: 5.6  
  
Target Distribution on Internet: Low  
  
Exploitability: Functional Exploit  
Remediation Level: Workaround  
Report Confidence: Confirmed  
  
Vulnerability Impact: Attack  
Host Impact: XSS Attack  
  
SecureScout Testcase ID:  
TC 17961  
Vulnerable Systems:  
eTicket version 1.5.5 (new version 1.5.5.1 is also vulnerable)  
Vulnerability Type:  
XSS (Cross-Site Scripting) to force a web-site to display malicious contents to the target, by sending a specially crafted request to the web-site. The vulnerable web-site is not the target of attack but is used as a tool for the hacker in the attack of the victim.  
  
Vendor:  
HM2K  
  
Vendor Status:   
HM 2K from eTicket got the Draft advisory on 21 May 2007 and got extensive support in how to fix the security problems on 23 May 2007 and 28 May 2007.  
In HM 2K's own words HM 2K "lost interest" and HM 2K "seriously found it too difficult to orchestrate what you [netVigilance] were asking from me [HM 2K], so I just did what I thought was best.". netVigilance's tests show that version 1.5.5.1 is also vulnerable. There currently is no official fix for this advisory.  
  
Workaround:  
In the php.ini file set register_globals = Off.   
Example:   
REQUEST:  
http://[TARGET]/[PRODUCT FOLDER]/open.php?err=<script>alert(document.cookie)</script>  
OR  
http://[TARGET]/[PRODUCT FOLDER]/open.php?warn=<script>alert(document.cookie)</script>  
REPLY:  
Will execute <script>alert(document.cookie)</script>  
  
Credits:   
Jesper Jurcenoks  
Co-founder netVigilance, Inc  
www.netvigilance.com  
  
`

Related

cve 1
prion 1
securityvulns 2
cve
cve
CVE-2007-2801
2007-06-30 01:30:00
prion
prion
Cross site scripting
2007-06-30 01:30:00
securityvulns
securityvulns
[Full-disclosure] eTicket version 1.5.5 XSS Attack Vulnerability
2007-06-28 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-06-28 00:00:00

0.01 Low

EPSS

Percentile

82.1%

JSON
Related for PACKETSTORM:57336
cve1prion1securityvulns2