0day.today - Biggest Exploit Database in the World.
Create-Project Manager 1.07 Cross Site Scripting / HTML Injection Vulnerabilities
# Exploit Title: Create-Project Manager 1.07 Multi XSS / HTML Injection Vulnerabilities
# Exploit Author: @ThelastVvV
# Vendor Homepage: https://codecanyon.net/item/create-project-manager-with-authenticator/20483329?s_rank=3
# Version: 1.6
# Tested on: 5.4.0-kali4-amd64
---------------------------------------------------------

About:
Create! freelancer manager is a complete project management solution for developers, freelancers and software companies. It offers powerful tools for project development, tracking each developer's work time for each project, generating invoices for online payment, a complete social network with chat and news feed for developers, and a powerful financial section for income and expenses.

Summary:
Multiple persistent cross-site scripting and HTML injection issues in Create 1.07 - Freelancer Project Manager

PoC:
1- Go to any of the following:
   A- Online chat
   B- Social feed
   C- Message (title-tag)
   D- Add new client (all-tags)
2- In the text field, type your payload:
   <h1>vvv</h1>
   <svg onload=confirm()>
3- Then hit Enter
4- Once the admin or users receive the message or read/visit the post feed, the stored markup is rendered and the script runs in their browser

Impact:
XSS can lead to session hijacking of administrators and users. It can also lead to disclosure of sensitive data and other critical attacks on administrators and the web app directly.

Screenshots:
A- Online chat https://i.imgur.com/nNGVoXI.png
B- Social feed https://i.imgur.com/yQle2Mn.png
C- Message (title-tag) https://i.imgur.com/8usFkJ7.png
D- Add new client (all-tags) https://i.imgur.com/oWYA88d.png

# 0day.today [2024-12-24] #
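Mitigation sketch, added here and not taken from the advisory or from the product's code: encoding user-supplied text at output time for the four locations listed in the PoC, so that stored markup is displayed as text. All function names, field names and templates are hypothetical; the sample inputs are the two strings from the advisory.

```javascript
// Added example: output encoding for the stored fields named in the advisory.
// Function names, field names and templates are hypothetical, not the product's code.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '`': '&#96;',
};

// Encode untrusted text for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Online chat / social feed: user text is placed in element content.
function renderChatMessage(msg) {
  return `<li class="chat-msg"><b>${escapeHtml(msg.sender)}</b>: ${escapeHtml(msg.body)}</li>`;
}

// Message title: used both as a quoted attribute and as visible text.
function renderMessageTitle(title) {
  const safe = escapeHtml(title);
  return `<a class="msg-title" title="${safe}">${safe}</a>`;
}

// Add new client: every field is user-supplied, so every field is encoded.
function renderClientRow(client) {
  const cells = ['name', 'company', 'email', 'notes']
    .map((field) => `<td>${escapeHtml(client[field])}</td>`)
    .join('');
  return `<tr>${cells}</tr>`;
}

// Regression check: remove the template's own tags; an angle bracket that
// remains did not come from the template, so some field was not encoded.
function containsUnescapedMarkup(html, templateTags) {
  const tagPattern = new RegExp(`</?(?:${templateTags.join('|')})(?:\\s[^<>]*)?>`, 'g');
  return /[<>]/.test(html.replace(tagPattern, ''));
}

// Constructed sample input: the two strings from the advisory's PoC.
for (const body of ['<h1>vvv</h1>', '<svg onload=confirm()>']) {
  const html = renderChatMessage({ sender: 'user1', body });
  console.log(html, containsUnescapedMarkup(html, ['li', 'b']));
}
```

Encoding at output does not replace a Content-Security-Policy or HttpOnly session cookies, which limit what a missed sink can do.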