
0 votes
Recently a persistent Cross-Site Scripting vulnerability was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. How can I validate whether my instance is vulnerable or not?
by (169 points)

1 Answer

0 votes
1. First, go to the setup/install.php page.

2. Put the XSS payload into the first name and last name user input fields.

3. Fill in the other details and click on 'continue'. As there is no validation, the malicious JavaScript will be stored in the database and an agent account will be created.

4. Now log in as that agent and navigate to the "agents" tab, where you can find the inserted payload in the first name and last name fields.

5. Now click on the first name value and see the payload get executed.
by (269 points)
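
A non-intrusive check for the same question, as an added example that is not part of the original answer: it compares a version string with the ranges quoted in the question and flags agent names that contain markup characters. The function names and the sample rows are constructed for illustration, and obtaining the version string and agent list from your own instance is assumed to be done separately.

```python
import re

# Fixed releases per branch, taken from the ranges quoted in the question:
# "before 1.10.7 and 1.12.x before 1.12.1".
FIXED = {(1, 10): (1, 10, 7), (1, 12): (1, 12, 1)}

def parse_version(text):
    """Return (major, minor, patch) from strings such as 'v1.12' or '1.10.4'."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def classify(version_text):
    """Return 'affected', 'fixed', or 'not covered' for branches the ranges do not name."""
    v = parse_version(version_text)
    if v < FIXED[(1, 10)]:
        return "affected"                      # "before 1.10.7"
    branch = v[:2]
    if branch in FIXED:
        return "affected" if v < FIXED[branch] else "fixed"
    return "not covered"                       # e.g. 1.11.x: check vendor notes

# A person's name has no reason to contain angle brackets, double quotes
# or HTML character references.
MARKUP = re.compile(r'[<>"]|&#')

def suspicious_agents(rows):
    """rows: (agent_id, first_name, last_name). Return ids whose names hold markup."""
    return [aid for aid, first, last in rows
            if MARKUP.search(first) or MARKUP.search(last)]

# Constructed sample data, not taken from a real instance.
SAMPLE_AGENTS = [
    (1, "Alice", "O'Brien"),
    (2, "<b>test</b>", "Admin"),
    (3, "Bob", "Smith"),
]

if __name__ == "__main__":
    for ver in ("1.10.6", "1.10.7", "1.11.0", "1.12", "1.12.1"):
        print(ver, "->", classify(ver))
    print("agents to review:", suspicious_agents(SAMPLE_AGENTS))
```

A flagged agent record should be reviewed and cleaned before anyone opens it in the agents tab, since that is where the answer above says the stored value is rendered.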