cve/2020/CVE-2020-24881.md

CVE-2020-24881

Description

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

POC

Reference

• http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html
• http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html
• https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0
• https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Legoclones/pentesting-osTicket