Collabtive 3.1 HTML injection Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Collabtive 3.1 HTML injection Vuln.

Madde
	Author : Bug Researchers
	Date : 02.02.2019 13:26:29
	# Collabtive 3.1 HTML injection Vuln. [Full Screen Display]

	#################################################################### # Exploit Title : Collabtive 3.1 html injection Vulnerability # Author [ Discovered By ] : Expertt # Team : Cyber-Warrior.org Bug Researchers Group # Date : 17/01/2019 # Vendor Homepage : https://webcollab.sourceforge.io/ # Software Download Link : https://sourceforge.net/projects/collabtive/files/collabtive/ # Affected Versions : 3.1 # Tested On : Wampp, Windows,Lampp # Category : WebApps # Exploit Risk : Medium # Vulnerability Type : # Sofrware Description : Collabtive is web based collaboration software. # It is an Open Source alternative for proprietary tools like Active Collab or Basecamp. # Features include: Projects, Instant Messenger, Tasks, Files, Timetracking, Multilanguage, Basecamp import #################################################################### # Impact : ******** * On the Manage task list page, when we create a new task, * html codes are running when we write the name of the task between html tags. * where an html indicates the weakness of the injection. * https://i.hizliresim.com/QLvnvj.png #################################################################### # PoC : **************************** * HTML Code : <h6>qqqq</h6> * Post Request : target.com/[PATH]/managetasklist.php?action=addtask&id=1 ####################################################################