https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2020-24881_osTicket_1.14.2_%E6%9C%8D%E5%8B%99%E5%99%A8%E7%AB%AF%E8%AB%8B%E6%B1%82%E5%81%BD%E9%80%A0%E6%BC%8F%E6%B4%9E 2026-04-20T19:00:44Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2020-24881_osTicket_1.14.2_%E6%9C%8D%E5%8B%99%E5%99%A8%E7%AB%AF%E8%AB%8B%E6%B1%82%E5%81%BD%E9%80%A0%E6%BC%8F%E6%B4%9E&diff=3768&oldid=prev 2021-05-31T04:06:10Z

<p>Created page with &quot;==POC== &lt;pre&gt; # Exploit Title: osTicket 1.14.2 - SSRF # Date: 18-01-2021 # Exploit Author: Talat Mehmood # Vendor Homepage: https://osticket.com/ # Software Link: https://osti...&quot;</p> <p><b>New page</b></p><div>==POC==<br /> &lt;pre&gt;<br /> # Exploit Title: osTicket 1.14.2 - SSRF<br /> # Date: 18-01-2021<br /> # Exploit Author: Talat Mehmood<br /> # Vendor Homepage: https://osticket.com/<br /> # Software Link: https://osticket.com/download/<br /> # Version: &lt;1.14.3 <br /> # Tested on: Linux<br /> # CVE : CVE-2020-24881<br /> <br /> osTicket before 1.14.3 suffers from Server Side Request Forgery [SSRF]. HTML page is rendered on backend server on calling &quot;Print&quot; ticket functionality.<br /> <br /> Below are the steps to reproduce this vulnerability:<br /> <br /> 1. Create a new ticket<br /> 2. Select &quot;HTML Format&quot; format.<br /> 3. Add an image tag with your payload in src attribute i.e. &quot;&lt;img src=https://mymaliciouswebsite.com&quot;&gt;<br /> 4. After submitting this comment, print this ticket.<br /> 5. You'll receive a hit on your malicious website from the internal server on which osTicket is deployed.<br /> <br /> For more details, read my following blog:<br /> <br /> https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0<br /> https://nvd.nist.gov/vuln/detail/CVE-2020-24881<br /> &lt;/pre&gt;</div>

Pwnwiki