Exploit Title: Premium Support Tickets For WHMCS Reflected XSS
Exploit Author: Sajibe Kanti
Vendor: ModulesGarden
Vendor Homepage:
https://www.modulesgarden.com/products/whmcs/premium-support-tickets
Product Name: Premium Support Tickets For WHMCS
Product Version: v1.2.10
Tested Version: WHMCS 8.10.1
Tested on: Windows 10
Vulnerabilities Discovered Date: 29/04/2024
Description:
The Premium Support Tickets For WHMCS plugin by ModulesGarden is vulnerable
to a reflected cross-site scripting (XSS) attack. This vulnerability allows
an attacker to inject malicious JavaScript code into the “error&msg=”
parameter of the submitticket.php page, leading to the execution of
arbitrary code in the context of the victim’s browser.
Proof of Concept (POC):
1. Identify a website that utilizes the Premium Support Tickets For WHMCS
plugin by ModulesGarden.
2. Navigate to the ticket submission page (submitticket.php).
3. Select any department to open a new ticket.
4. If you lack support credit points, you will receive an error message
with the parameter “error&msg=clientarea_message_cantcreateinthisdept”.
5. Inject your payload into the “error&msg=” parameter.
6. Construct the following URL with your payload:
https://example.com/submitticket.php?PremiumSupportTickets=error&msg=%22/%3E%3CsvG%20onLoad=alert(/xss/)%3E
7. Replace the payload with your desired XSS payload:
“
GIPHY App Key not set. Please check settings