0c65b881ba
10 changes to exploits/shellcodes/ghdb Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption WhatsUp Gold 2022 (22.1.0 Build 39) - XSS Clinic's Patient Management System 1.0 - Unauthenticated RCE Curfew e-Pass Management System 1.0 - FromDate SQL Injection GYM MS - GYM Management System - Cross Site Scripting (Stored) MISP 2.4.171 - Stored XSS TASKHUB-2.8.8 - XSS-Reflected Wordpress 'simple urls' Plugin < 115 - XSS
29 lines
No EOL
1.1 KiB
Text
29 lines
No EOL
1.1 KiB
Text
## Title: TASKHUB-2.8.8-XSS-Reflected
|
|
## Author: nu11secur1ty
|
|
## Date: 09/22/2023
|
|
## Vendor: https://codecanyon.net/user/infinitietech
|
|
## Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874
|
|
## Reference: https://portswigger.net/web-security/cross-site-scripting
|
|
|
|
|
|
## Description:
|
|
The value of the JSON parameter within the project parameter is copied
|
|
into the HTML document as plain text between tags. The payload
|
|
vn5mr<img src=a onerror=alert(1)>i62kl was submitted in the JSON
|
|
parameter within the project parameter. This input was echoed
|
|
unmodified in the application's response. The already authenticated
|
|
(by using a USER ACCOUNT)attacker can get a CSRF token and cookie
|
|
session it depends on the scenarios.
|
|
|
|
[+]Test exploit:
|
|
surw7%3Cscript%3Ealert(1)%3C%2fscript%3E
|
|
|
|
## Reproduce:
|
|
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/infinitietech/TASKHUB-2.8.8)
|
|
|
|
## Proof and Exploit:
|
|
[href](https://www.nu11secur1ty.com/2023/09/taskhub-288-xss-reflected.html)
|
|
|
|
System Administrator - Infrastructure Engineer
|
|
Penetration Testing Engineer
|
|
home page: https://www.nu11secur1ty.com/ |