Exploit Title: Premium Support Tickets For WHMCS Reflected XSS
Exploit Author: Sajibe Kanti
Vendor: ModulesGarden
Vendor Homepage:
https://www.modulesgarden.com/products/whmcs/premium-support-tickets
Product Name: Premium Support Tickets For WHMCS
Product Version: v1.2.10
Tested Version: WHMCS 8.10.1
Tested on: Windows 10
Vulnerabilities Discovered Date: 29/04/2024Description:
The Premium Support Tickets For WHMCS plugin by ModulesGarden is vulnerable
to a reflected cross-site scripting (XSS) attack. This vulnerability allows
an attacker to inject malicious JavaScript code into the "error&msg="
parameter of the submitticket.php page, leading to the execution of
arbitrary code in the context of the victim's browser.
Proof of Concept (POC):
1. Identify a website that utilizes the Premium Support Tickets For WHMCS
plugin by ModulesGarden.
2. Navigate to the ticket submission page (submitticket.php).
3. Select any department to open a new ticket.
4. If you lack support credit points, you will receive an error message
with the parameter "error&msg=clientarea_message_cantcreateinthisdept".
5. Inject your payload into the "error&msg=" parameter.
6. Construct the following URL with your payload:
https://example.com/submitticket.php?PremiumSupportTickets=error&msg=%22/%3E%3CsvG%20onLoad=alert(/xss/)%3E
7. Replace the payload with your desired XSS payload:
"<svg/onLoad=alert(/OPENBUGBOUNTY/)>"
8. Visit the modified URL in your browser.
9. Observe the XSS popup indicating successful exploitation of the
vulnerability.
Impact:
Successful exploitation of this vulnerability could allow an attacker to
execute arbitrary JavaScript code in the context of an authenticated user's
browser session. This could lead to various attacks, including but not
limited to:
- Theft of sensitive information (session cookies, credentials, etc.)
- Phishing attacks targeting users of the affected WHMCS instance
- Defacement of the website or redirection to malicious content
- Browser-based attacks such as keylogging or screen capturing
Note: This exploit is for educational purposes only. Unauthorized access to
or modification of systems is illegal and unethical. Always obtain proper
authorization before testing or exploiting vulnerabilities.