0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
dotProject 2.1.3 XSS and Improper Permissions
[=============================================
dotProject 2.1.3 XSS and Improper Permissions
=============================================
# Exploit Title: dotProject 2.1.3 XSS and Improper Permissions
# Date: Dec 15 2009
# Author: h00die
# Software Link: http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.3/dotproject_2_1_3.zip/download
# Version: 2.1.3
# Tested on: BT4 pre-final
#Timeline
#Discovery Date: Dec 9 2009
#Vendor Notification: Jan 5 2010
#Public Disclosure:
#Findings:
1. Admin’s Custom Field page is not properly protected from standard users (Default User, role of Project Worker), which can be used with finding 2.
http://[ip]/dotproject/index.php?m=system&a=custom_field_editor
2. Cross Site Scripting (XSS) via HTML Tag Options field for Custom Fields within all categories (Companies, Projects, Tasks, Calendar)
http://[ip]/dotproject/index.php?m=system&a=custom_field_editor
then ‘Add a new Custom Field to this Module’, use Field Display Type as Label, add <script>alert('xss custom module tag options');</script> for HTML Tag Options. Keep description blank and this field will be invisible when being executed in the victim’s browser
3. Companies is vulnerable to multiple XSS attacks in the following fields:
Company Name, Address1, Address2, URL, and Description via page: http://[ip]/dotproject/index.php?m=companies&a=addedit
4. Projects is vulnerable to multiple XSS attacks, but it is only when viewing that specific project’s details. When listing all projects the script is not executed and the text is all displayed, so this is not very covert.
Project Name, URL, Staging URL, and Description via page http://[ip]/dotproject/index.php?m=projects&a=addedit
5. Tasks is vulnerable to XSS via the Task Name field but no other fields.
http://[ip]/dotproject/index.php?m=tasks
6. Files has multiple XSS issues.
Folder Name is vulnerable to XSS via http://[ip]/dotproject/index.php?m=files&a=addedit_folder
File Description is vulnerable to XSS via http://[ip]/dotproject/index.php?m=files&a=addedit&folder=0
7. Contacts (contact list is safe) is vulnerable to XSS when viewing that contact’s details, similar to #4
Job Title, Title, Address1, Address2, URL, Jabber, MSN, Yahoo, and Contact Notes are all vulnerable via http://[ip]/dotproject/index.php?m=contacts&a=addedit
8. Forums is vulnerable to XSS
Forum Name and Description are vulnerable to XSS via http://[ip]/dotproject/index.php?m=forums&a=addedit
Within a Topic, a Subject and message are both vulnerable to XSS
9. Tickets is vulnerable to XSS attacks in the following field:
E-Mail via http://[IP]/dotproject/index.php?m=ticketsmith&a=post_ticket
# 0day.today [2024-07-03] #