{"id":57488,"date":"2024-06-14T17:50:02","date_gmt":"2024-06-14T14:50:02","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179094\/pstwhmcs1210-xss.txt"},"modified":"2024-06-14T17:50:02","modified_gmt":"2024-06-14T14:50:02","slug":"premium-support-tickets-for-whmcs-1-2-10-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/premium-support-tickets-for-whmcs-1-2-10-cross-site-scripting\/","title":{"rendered":"Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting"},"content":{"rendered":"<p>Exploit Title: Premium Support Tickets For WHMCS Reflected XSS<br \/>Exploit Author: Sajibe Kanti<br \/>Vendor: ModulesGarden<br \/>Vendor Homepage:<br \/>https:\/\/www.modulesgarden.com\/products\/whmcs\/premium-support-tickets<br \/>Product Name: Premium Support Tickets For WHMCS<br \/>Product Version: v1.2.10<br \/>Tested Version: WHMCS 8.10.1<br \/>Tested on: Windows 10<br \/>Vulnerabilities Discovered Date: 29\/04\/2024<\/p>\n<p>Description:<br \/>The Premium Support Tickets For WHMCS plugin by ModulesGarden is vulnerable<br \/>to a reflected cross-site scripting (XSS) attack. This vulnerability allows<br \/>an attacker to inject malicious JavaScript code into the &#8220;error&amp;msg=&#8221;<br \/>parameter of the submitticket.php page, leading to the execution of<br \/>arbitrary code in the context of the victim&#8217;s browser.<\/p>\n<p>Proof of Concept (POC):<br \/>1. Identify a website that utilizes the Premium Support Tickets For WHMCS<br \/>plugin by ModulesGarden.<br \/>2. Navigate to the ticket submission page (submitticket.php).<br \/>3. Select any department to open a new ticket.<br \/>4. If you lack support credit points, you will receive an error message<br \/>with the parameter &#8220;error&amp;msg=clientarea_message_cantcreateinthisdept&#8221;.<br \/>5. Inject your payload into the &#8220;error&amp;msg=&#8221; parameter.<br \/>6. Construct the following URL with your payload:<\/p>\n<p>https:\/\/example.com\/submitticket.php?PremiumSupportTickets=error&amp;msg=%22\/%3E%3CsvG%20onLoad=alert(\/xss\/)%3E<br \/>7. Replace the payload with your desired XSS payload:<br \/>&#8220;&lt;svg\/onLoad=alert(\/OPENBUGBOUNTY\/)&gt;&#8221;<br \/>8. Visit the modified URL in your browser.<br \/>9. Observe the XSS popup indicating successful exploitation of the<br \/>vulnerability.<\/p>\n<p>Impact:<br \/>Successful exploitation of this vulnerability could allow an attacker to<br \/>execute arbitrary JavaScript code in the context of an authenticated user&#8217;s<br \/>browser session. This could lead to various attacks, including but not<br \/>limited to:<\/p>\n<p>&#8211; Theft of sensitive information (session cookies, credentials, etc.)<br \/>&#8211; Phishing attacks targeting users of the affected WHMCS instance<br \/>&#8211; Defacement of the website or redirection to malicious content<br \/>&#8211; Browser-based attacks such as keylogging or screen capturing<\/p>\n<p>Note: This exploit is for educational purposes only. Unauthorized access to<br \/>or modification of systems is illegal and unethical. Always obtain proper<br \/>authorization before testing or exploiting vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploit Title: Premium Support Tickets For WHMCS Reflected XSSExploit Author: Sajibe KantiVendor: ModulesGardenVendor Homepage:https:\/\/www.modulesgarden.com\/products\/whmcs\/premium-support-ticketsProduct Name: Premium Support Tickets For WHMCSProduct Version: v1.2.10Tested Version: WHMCS 8.10.1Tested on: Windows 10Vulnerabilities Discovered Date: 29\/04\/2024 Description:The Premium Support Tickets For WHMCS plugin by ModulesGarden is vulnerableto a reflected cross-site scripting (XSS) attack. This vulnerability allowsan attacker to inject malicious &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57488","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57488","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57488"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57488\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}