
Multiple Critical Security Vulnerabilities (XSS, Privilege Escalation, SQL Injection)

Open ghost opened this issue 4 years ago • 4 comments

This software has multiple critical security issues!!

Stored XSS (https://portswigger.net/web-security/cross-site-scripting)

  • Username
  • Email ID
  • Ticket Subject
  • Ticket Purpose
  • And more...

Privilege Escalation (https://portswigger.net/web-security/access-control)

  • Any valid user can create new users (of any privilege)

SQL Injection (https://portswigger.net/web-security/sql-injection)

  • /API/Ticket/updateTicket
  • /tabler/list_users

More Information

I wrote a blog post about these vulnerabilities with pictures and more in-depth explanations, please see for more information: http://blog.slicklabz.com/bugbounty/opensource/tikaj_helpdesk

-CRFSlick

ghost avatar Jan 15 '21 03:01 ghost

Hi,

Thank you for reporting the vulnerabilities. We would like to address them in future updates if the community is using them in a production environment.

I want to appreciate the effort you have taken to make a detailed report to address security issues in such a small open-source project and keeping it secure.

Thank you for the effort.

eksha avatar Jan 21 '21 09:01 eksha

I have the same problem, if a file is not attached, the comment is not refreshed ... but if you manually refresh the browser if you add it. Someone fix it?

ddiaz2380 avatar Apr 08 '21 06:04 ddiaz2380

Has this been fixed? Thank you for. I liked your work very much. @eksha

CMLCNL avatar Apr 17 '21 17:04 CMLCNL

@CMLCNL we have not yet been able to dedicate time to these issues. If someone would like to contribute, we would be very happy to accept PRs!

Please keep following this thread, we will try to expedite this soon.

eksha avatar Apr 21 '21 11:04 eksha