TaskFreak! v0.6.4 Multiple Cross-Site Scripting Vulnerabilities
Title: TaskFreak! v0.6.4 Multiple Cross-Site Scripting Vulnerabilities
Advisory ID: ZSL-2011-4990
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 11.02.2011
[31.01.2011] Tried contacting vendor thru their forums.
[01.02.2011] 3rd party offered to review vuln details and offered patching.
[10.02.2011] No response from vendor.
[11.02.2011] Public advisory released.
High five to Borg
[2] http://packetstormsecurity.org/files/98426
[3] http://www.exploit-db.com/exploits/16158
[4] http://securityreason.com/wlb_show/WLB-2011020047
[5] http://www.securityfocus.com/bid/46350
[6] http://secunia.com/advisories/43318/
[7] http://www.securityhome.eu/exploits/exploit.php?eid=9581802394d561484427503.77666550
[8] http://xforce.iss.net/xforce/xfdb/65359
[9] http://osvdb.org/show/osvdb/70877
[10] http://osvdb.org/show/osvdb/70878
[11] http://osvdb.org/show/osvdb/70932
[12] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1062
[12.02.2011] - Added reference [2], [3] and [4]
[14.02.2011] - Added reference [5], [6] and [7]
[15.02.2011] - Added reference [8]
[17.02.2011] - Added reference [9] and [10]
[25.02.2011] - Added reference [11] and [12]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2011-4990
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 11.02.2011
Summary
TaskFreak! Original is a simple but efficient web based task manager written in PHP.Description
TaskFreak! suffers from multiple XSS vulnerabilities when parsing input to multiple parameters in different scripts. The vulnerable POST parameters are: 'sContext', 'sort', 'dir' and 'show' thru index.php. Also the GET parameters 'dir' and 'show' thru 'print_list.php' are vulnerable. Header variable 'referer' is vulnerable thru rss.php script. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.Vendor
Stan Ozier - http://www.taskfreak.comAffected Version
0.6.4 (multi-user)Tested On
MS Windows XP Pro SP3-EN, XAMPP (latest)Vendor Status
[27.01.2011] Vulnerability discovered.[31.01.2011] Tried contacting vendor thru their forums.
[01.02.2011] 3rd party offered to review vuln details and offered patching.
[10.02.2011] No response from vendor.
[11.02.2011] Public advisory released.
PoC
taskfreak_xss.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>High five to Borg
References
[1] git://borg.uu3.net/OEM/taskfreak.git[2] http://packetstormsecurity.org/files/98426
[3] http://www.exploit-db.com/exploits/16158
[4] http://securityreason.com/wlb_show/WLB-2011020047
[5] http://www.securityfocus.com/bid/46350
[6] http://secunia.com/advisories/43318/
[7] http://www.securityhome.eu/exploits/exploit.php?eid=9581802394d561484427503.77666550
[8] http://xforce.iss.net/xforce/xfdb/65359
[9] http://osvdb.org/show/osvdb/70877
[10] http://osvdb.org/show/osvdb/70878
[11] http://osvdb.org/show/osvdb/70932
[12] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1062
Changelog
[11.02.2011] - Initial release[12.02.2011] - Added reference [2], [3] and [4]
[14.02.2011] - Added reference [5], [6] and [7]
[15.02.2011] - Added reference [8]
[17.02.2011] - Added reference [9] and [10]
[25.02.2011] - Added reference [11] and [12]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
