tikajhq / tiket

TIKET is a ticketing/helpdesk system to support and help you deal with issues/incidents in your organization or from customers.
https://www.tikaj.com

Multiple Critical Security Vulnerabilities (XSS, Privilege Escalation, SQL Injection) #9

Open ghost opened 3 years ago

ghost commented 3 years ago

This software has multiple critical security issues!!

Stored XSS (https://portswigger.net/web-security/cross-site-scripting)

Privilege Escalation (https://portswigger.net/web-security/access-control)

SQL Injection (https://portswigger.net/web-security/sql-injection)


More Information

I wrote a blog post about these vulnerabilities with pictures and more in-depth explanations, please see for more information: http://blog.slicklabz.com/bugbounty/opensource/tikaj_helpdesk

-CRFSlick

eksha commented 3 years ago

Hi,

Thank you for reporting the vulnerabilities. We would like to address them in future updates if the community is using them in a production environment.

I want to appreciate the effort you have taken to make a detailed report to address security issues in such a small open-source project and keep it secure.

Thank you for the effort.

ddiaz2380 commented 3 years ago

I have the same problem: if a file is not attached, the comment is not refreshed... but if you manually refresh the browser, it is added. Can someone fix it?

CMLCNL commented 3 years ago

Has this been fixed? Thank you for. I liked your work very much. @eksha

eksha commented 3 years ago

@CMLCNL we have not been able to yet dedicate time on these issues. If someone would like to contribute, we would be very happy to accept PRs!

Please keep following this thread, we will try to expedite this soon.