####################################################################
# Exploit Title : Collabtive 3.1 HTML Injection Vulnerability
# Author [ Discovered By ] : @Expertt;
# Team : Cyber-Warrior.org Bug Researchers Group
# Date : 17/01/2019
# Vendor Homepage : https://webcollab.sourceforge.io/
# Software Download Link : https://sourceforge.net/projects/collabtive/files/collabtive/
# Affected Versions : 3.1
# Tested On : Wampp, Windows, Lampp
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type :
# Software Description : Collabtive is web based collaboration software.
# It is an Open Source alternative for proprietary tools like Active Collab or Basecamp.
# Features include: Projects, Instant Messenger, Tasks, Files, Timetracking, Multilanguage, Basecamp import
####################################################################
# Impact :
*********
* On the Manage task list page, when we create a new task and write
* the task name between HTML tags, the HTML is rendered by the browser instead of being shown as text.
* This behaviour indicates an HTML injection weakness.
* https://i.hizliresim.com/QLvnvj.png
####################################################################
# PoC :
****************************
* HTML Code : <h6>qqqq</h6>
* Post Request : target.com/[PATH]/managetasklist.php?action=addtask&id=1
####################################################################
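* Added example (not Collabtive's own code, not part of the original advisory):
* the unescaped output pattern described above next to an output-encoded version,
* plus a check for already-stored task titles that contain markup.
* The function names and sample titles are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: task titles as they might sit in storage,
// including the PoC value from this advisory.
$storedTitles = [
    1 => 'Write release notes',
    2 => '<h6>qqqq</h6>',
    3 => 'Budget < 500 & deadline > Friday',
];

// Vulnerable pattern (hypothetical helper): the title is concatenated
// into markup as-is, so the browser parses <h6> as an element.
function renderTaskRaw(string $title): string
{
    return '<td class="task">' . $title . '</td>';
}

// Hardened pattern (hypothetical helper): encode on output so the
// title is always treated as text, never as markup.
function renderTaskEscaped(string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="task">' . $safe . '</td>';
}

// Audit helper (hypothetical): flag stored titles that contain tag-like
// markup, to find rows saved before output encoding was in place.
// A bare "<" or ">" used as a comparison sign is not flagged.
function looksLikeMarkup(string $title): bool
{
    return preg_match('/<\s*\/?\s*[a-zA-Z][^>]*>/', $title) === 1;
}

foreach ($storedTitles as $id => $title) {
    printf("id=%d flagged=%s\n", $id, looksLikeMarkup($title) ? 'yes' : 'no');
    printf("  raw:     %s\n", renderTaskRaw($title));
    printf("  escaped: %s\n", renderTaskEscaped($title));
}
```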