eTicket 'index.php' Cross Site Scripting Path Vulnerability
Name: eTicket 'index.php' Cross Site Scripting Path Vulnerability Application: eTicket Versions Affected: 1.5.6-RC4 Severity: Medium Vendor: eTicket, http://sourceforge.net/projects/eticket Bug: XSS Path vulnerability Exploitation: Client side, remote Author: Alessandro `jekil` Tanasi email: firstname.lastname@example.org web: http://www.tanasi.it Date: 20/01/2008 Advisory: http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt
Table of contents:
I. Background II. Description III. Analysis IV. Detection V. Fix VI. Vendor Response VII. CVE Information VIII. Disclousure timeline IX. Credits
eTicket is a PHP-based electronic (open source) support ticket system based on osTicket, that can receive tickets via email (pop3/pipe) or a web form. It also offers a ticket manager with many features. An ideal helpdesk solution for any website.
The application eTicket version 1.5.6-RC4 is prone to a Cross Site Scripting Path vulnerability.
Attackers may exploit these issue through a web browser. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting victim into visiting a malicious URI.
Proof of concept: http://example.com/index.php/"><script>alert('XSS')</script>
Properly validate user input.
VI. VENDOR RESPONSE
No vendor response at this time.
VII. CVE INFORMATION
No CVE at this time.
VIII. DISCLOSURE TIMELINE
21012008 Bug discovered 21012008 Vendor contacted
Alessandro `jekil` Tanasi is credited with the discovery of this vulnerability.