Vendor: Task Management System
By: Saeed Bala Ahmed (r0b0tG4nG)
CVSS: 4.3 (MEDIUM)
Vulnerability: Stored XSS
CWE: 79
Product Name: Task Management System
Affected Version From: Version 1
Affected Version To: Version 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Parrot OS
2020

Task Management System 1.0 – ‘First Name and Last Name’ Stored XSS

Task Management System 1.0 is vulnerable to stored XSS in the First Name and Last Name fields. An attacker who logs in to the CMS with any valid user credentials can click the logged-in username in the header, select Manage Account, rename the user's First Name or Last Name to a malicious script and update the profile. The stored script triggers the XSS, and after logging out and logging in again the page displays the domain name.

Mitigation:

Input validation should be used to prevent malicious scripts from being stored in the application.
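
A sketch of this mitigation for the First Name and Last Name fields, as an added example that is not the application's own code: it validates the name before storage and, going beyond the input validation named above, also HTML-encodes the value when it is rendered. The function names, the 50-character limit and the allowed character set are assumptions.

```php
<?php
// Added example, not code from Task Management System.
// Function names, the length limit and the character set are assumptions.

/**
 * Validate a person-name field before it is stored.
 * Returns the trimmed name, or null when the value is rejected.
 */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // 1 to 50 characters: letters and combining marks from any script,
    // plus space, period, apostrophe and hyphen. Characters such as
    // '<', '>', '"', '(' and ')' never match, so markup is rejected.
    // preg_match returns false on invalid UTF-8, which is also rejected.
    $pattern = '/\A[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,49}\z/u';
    if (preg_match($pattern, $name) !== 1) {
        return null;
    }
    return $name;
}

/** Encode a stored value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: two ordinary names and the value from the report.
$samples = [
    "Saeed",
    "O'Neil-Smith",
    "<script>alert(document.domain)</script>",
];

foreach ($samples as $input) {
    $stored = validate_name($input);
    if ($stored === null) {
        // Rejected at write time; echoed encoded so this output stays inert.
        echo "rejected: " . e($input) . PHP_EOL;
        continue;
    }
    // Accepted values are still encoded at render time, which protects
    // against rows that were stored before validation existed.
    echo 'accepted: <span class="user">' . e($stored) . '</span>' . PHP_EOL;
}
```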

Exploit-DB raw data:

# Exploit Title: Task Management System 1.0 - 'First Name and Last Name' Stored XSS
# Exploit Author: Saeed Bala Ahmed (r0b0tG4nG)
# Date: 2020-12-08
# Google Dork: N/A
# Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14615&title=Task+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Category: Web Application
# Tested on: Parrot OS

Step 1: Log in to the CMS with any valid user credentials.
Step 2: Click on the logged-in username on the header and select Manage Account.
Step 3: Rename the user First Name or Last Name to "<script>alert(document.domain)</script>".
Step 4: Update Profile and this will trigger the XSS.
Step 5: Log out and log in again and the page will display the domain name.