Authored by Talat Mehmood

osTicket 1.14.2 suffers from a server-side request forgery vulnerability.

advisories | CVE-2020-24881

# Exploit Title: osTicket 1.14.2 - SSRF
# Date: 18-01-2021
# Exploit Author: Talat Mehmood
# Vendor Homepage:
# Software Link:
# Version: <1.14.3
# Tested on: Linux
# CVE : CVE-2020-24881

osTicket before 1.14.3 suffers from Server Side Request Forgery [SSRF]. HTML page is rendered on backend server on calling "Print" ticket functionality.

Below are the steps to reproduce this vulnerability:

1. Create a new ticket
2. Select "HTML Format" format.
3. Add an image tag with your payload in src attribute i.e. "<img src=">
4. After submitting this comment, print this ticket.
5. You'll receive a hit on your malicious website from the internal server on which osTicket is deployed.

For more details, read my following blog: