Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

2024.06.15
Credit: Sajibe Kanti
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Exploit Title: Premium Support Tickets For WHMCS Reflected XSS
Exploit Author: Sajibe Kanti
Vendor: ModulesGarden
Vendor Homepage: https://www.modulesgarden.com/products/whmcs/premium-support-tickets
Product Name: Premium Support Tickets For WHMCS
Product Version: v1.2.10
Tested Version: WHMCS 8.10.1
Tested on: Windows 10
Vulnerabilities Discovered Date: 29/04/2024

Description:
The Premium Support Tickets For WHMCS plugin by ModulesGarden is vulnerable to a reflected cross-site scripting (XSS) attack. This vulnerability allows an attacker to inject malicious JavaScript code into the "error&msg=" parameter of the submitticket.php page, leading to the execution of arbitrary code in the context of the victim's browser.

Proof of Concept (POC):
1. Identify a website that utilizes the Premium Support Tickets For WHMCS plugin by ModulesGarden.
2. Navigate to the ticket submission page (submitticket.php).
3. Select any department to open a new ticket.
4. If you lack support credit points, you will receive an error message with the parameter "error&msg=clientarea_message_cantcreateinthisdept".
5. Inject your payload into the "error&msg=" parameter.
6. Construct the following URL with your payload:
   https://example.com/submitticket.php?PremiumSupportTickets=error&msg=%22/%3E%3CsvG%20onLoad=alert(/xss/)%3E
7. Replace the payload with your desired XSS payload: "<svg/onLoad=alert(/OPENBUGBOUNTY/)>"
8. Visit the modified URL in your browser.
9. Observe the XSS popup indicating successful exploitation of the vulnerability.

Impact:
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of an authenticated user's browser session. This could lead to various attacks, including but not limited to:
- Theft of sensitive information (session cookies, credentials, etc.)
- Phishing attacks targeting users of the affected WHMCS instance
- Defacement of the website or redirection to malicious content
- Browser-based attacks such as keylogging or screen capturing

Note: This exploit is for educational purposes only. Unauthorized access to or modification of systems is illegal and unethical. Always obtain proper authorization before testing or exploiting vulnerabilities.
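For defenders reviewing web server logs, the following added example (not part of the original advisory or of the vendor's code) flags requests to submitticket.php with PremiumSupportTickets=error whose "msg" value is not a plain language key like the one shown in step 4. The log lines are constructed, and the rule that legitimate values contain only letters, digits and underscores is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate "msg" values are language keys such as
# "clientarea_message_cantcreateinthisdept" (letters, digits, underscores).
LANG_KEY = re.compile(r"[A-Za-z0-9_]{1,128}")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_msg(url):
    """Return the decoded msg value if it is not a plain language key, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/submitticket.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if "error" not in query.get("PremiumSupportTickets", []):
        return None
    for value in query.get("msg", []):
        if not LANG_KEY.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_msg) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            value = suspicious_msg(match.group(1))
            if value is not None:
                hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jun/2024:10:00:01 +0000] "GET /submitticket.php'
    '?PremiumSupportTickets=error&msg=clientarea_message_cantcreateinthisdept'
    ' HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Jun/2024:10:02:44 +0000] "GET /submitticket.php'
    '?PremiumSupportTickets=error&msg=%22/%3E%3CsvG%20onLoad=alert(/xss/)%3E'
    ' HTTP/1.1" 200 5203',
    '192.0.2.11 - - [15/Jun/2024:10:03:10 +0000] "GET /submitticket.php'
    '?step=2&deptid=1 HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-key msg value: {value!r}")
```

The same allowlist check, applied server-side before the value is rendered, is also a reasonable interim filter (for example in a WAF rule) on an affected install.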

