Techbypass always tries to help you to learn about recent vulnerabilities and exploitations.

Question

How can I exploit my osTicket 1.12 - Persistent Cross-Site Scripting (CVE-2019-14750)?

1 Answer

codeshikari · Answer 1 · 2019-08-29T20:34:32+0000

1. At first, go to setup/install.php page

2. put the XSS payload into the first name and last name user input field.

3. Fill the other details and click on 'continue', As there is no validation those malicious javascript will store in the database and an agent account will be created.

4. Now login as that agent and navigate to "agents" tab where you can find the inserted payload in the first name and Lastname field.

5. Now click on the first name value and see the payload gets executed.

Techbypass always tries to help you to learn about recent vulnerabilities and exploitations.

Learn and share your security findings and help others to secure their digital assets.

How can I exploit my osTicket 1.12 - Persistent Cross-Site Scripting (CVE-2019-14750)?

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.