Cross-site Scripting (XSS) - Stored in polonel/trudesk
Reported on Jun 14th 2021
💥 BUG
Stored XSS via ticket content in Markdown
💥 IMPACT
There is no XSS filter present. Using this stored XSS, an external user can attack an admin and execute arbitrary JavaScript code in the victim's account.
TESTED VERSION
trudesk 1.1.5
💥 STEPS TO REPRODUCE
1. First go to http://localhost:8118/settings/general from the admin account and grab your ticketing URL, http://localhost:8118/newissue.
2. Now, as an external user, open the above ticketing URL and create a new ticket.
During creation, put the XSS payload below in as the ticket content.
[click_Me](javascript:alert(document.domain))
3. Now go to the admin account, view the above ticket, click the link, and see that the XSS is executed.
So any external user can mount an XSS attack and execute arbitrary JavaScript code in the victim's trudesk account.
Thus an attacker can read all of the victim's ticket details or perform other operations.
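A mitigation sketch for the issue above, added here as an example; it is not trudesk's code or its actual fix. It assumes a Markdown renderer that passes each link's label and already entity-decoded URL to a hook, and the names safeHref and renderLink are hypothetical.

```javascript
// Added example, not trudesk code. Assumes the Markdown renderer hands each
// link's label and its already entity-decoded URL to renderLink().
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Return the URL if it is safe to place in href, otherwise null.
function safeHref(raw) {
  // Browsers ignore tab/CR/LF inside a URL and trim control characters and
  // spaces at both ends, so normalise the same way before reading the scheme.
  const url = String(raw)
    .replace(/[\t\r\n]/g, '')
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  const scheme = /^[a-z][a-z0-9+.-]*:/i.exec(url);
  if (!scheme) return url; // no scheme: relative URL, inherits the page's scheme
  return ALLOWED_SCHEMES.has(scheme[0].toLowerCase()) ? url : null;
}

// Emit an anchor only for allowlisted URLs; otherwise keep just the label text.
function renderLink(label, href) {
  const safe = safeHref(href);
  if (safe === null) return escapeHtml(label);
  return `<a href="${escapeHtml(safe)}" rel="noopener noreferrer">${escapeHtml(label)}</a>`;
}

// Constructed sample: the report's link next to an ordinary one.
const samples = [
  ['click_Me', 'javascript:alert(document.domain)'],
  ['docs', 'https://example.com/help'],
];
for (const [label, href] of samples) console.log(renderLink(label, href));
```

An allowlist is used rather than a blocklist of `javascript:` so that any scheme not explicitly permitted is dropped.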
💥 VIDEO
https://drive.google.com/file/d/1kxHMq5Fp45VBJISE2Gp2ZtwryR-PKn9n/view?usp=sharing
💥 STUDY
https://owasp.org/www-community/attacks/xss/
https://portswigger.net/web-security/cross-site-scripting
https://en.wikipedia.org/wiki/Cross-site_scripting
https://www.acunetix.com/websitesecurity/cross-site-scripting/