eTicket 'index.php' Cross Site Scripting Path Vulnerability

2008-01-29T00:00:00
ID SECURITYVULNS:DOC:18963
Type securityvulns
Reporter Securityvulns
Modified 2008-01-29T00:00:00

Description


eTicket 'index.php' Cross Site Scripting Path Vulnerability


Name: eTicket 'index.php' Cross Site Scripting Path Vulnerability Application: eTicket Versions Affected: 1.5.6-RC4 Severity: Medium Vendor: eTicket, http://sourceforge.net/projects/eticket Bug: XSS Path vulnerability Exploitation: Client side, remote Author: Alessandro `jekil` Tanasi email: alessandro@tanasi.it web: http://www.tanasi.it Date: 20/01/2008 Advisory: http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt


Table of contents:

I. Background II. Description III. Analysis IV. Detection V. Fix VI. Vendor Response VII. CVE Information VIII. Disclousure timeline IX. Credits


I. BACKGROUND

eTicket is a PHP-based electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3/pipe) or a web form. It also offers a ticket manager with many features. An ideal helpdesk solution for any website.

II. DESCRIPTION

The application eTicket version 1.5.6-RC4 is prone to a Cross Site Scripting Path vulnerability.

III. ANALYSIS

Attackers may exploit these issue through a web browser. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting victim into visiting a malicious URI.

IV. DETECTION

Proof of concept: http://example.com/index.php/"><script>alert('XSS')</script>

V. FIX

Properly validate user input.

VI. VENDOR RESPONSE

No vendor response at this time.

VII. CVE INFORMATION

No CVE at this time.

VIII. DISCLOSURE TIMELINE

21012008 Bug discovered 21012008 Vendor contacted

IX. CREDIT

Alessandro `jekil` Tanasi is credited with the discovery of this vulnerability.