CVE-2022-32074 PoC — Enhancesoft osTicket 跨站脚本漏洞

Source

https://github.com/reewardius/CVE-2022-32074

Associated Vulnerability

Title:Enhancesoft osTicket 跨站脚本漏洞 (CVE-2022-32074)
Description:Enhancesoft osTicket是美国Enhancesoft公司的一套开源的票务系统。 Enhancesoft osTicket 存在安全漏洞，该漏洞源于其组件audit/class.audit.php允许攻击者通过精心制作的SVG文件执行任意网站脚本或HTML。

Readme

# CVE-2022-32074 for osTicket | Support Ticketing System
```
1. Find the file listing directory, the root of the file download directoryм (file_uploads (this is an example)). 
2. Load the following xssPayload.svg and open it
```
Example:

![cve](https://raw.githubusercontent.com/reewardius/CVE-2022-32074/main/cve.png)
![cve2](https://raw.githubusercontent.com/reewardius/CVE-2022-32074/main/cve2.png)

File Snapshot


 [4.0K]  /data/pocs/20864c2d50a981fc07ff1e81246f7106c58b1c94
├── [ 16K]  cve2.png
├── [ 14K]  cve.png
├── [ 404]  README.md
└── [ 394]  xssPayload.svg

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!