XSS vulnerability in SourceCodester Task Progress Manager 1.0 (update-task.php)
CVE-2024-8140
A vulnerability was found in SourceCodester Task Progress Tracker 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file update-task.php. The manipulation of the argument task_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Affected Project: Task Progress Manager 1.0
Official Website: https://www.sourcecodester.com/php/17479/task-progress-tracker-using-php-and-mysql-source-code.html
Version: 1.0
Related Code file: update-task.php
Injection parameter: task_name
Vulnerability Description
The task_name parameter is vulnerable to the tested XSS payload: <IMG """"><SCRIPT>alert("XSS")</SCRIPT>">
The application does not properly sanitize or validate the task_name input, so this script could be executed in the user's browser, leading to an XSS attack.
Analysis
echo "
<script>
alert('Task Updated Successfully');
window.location.href = 'http://localhost/task-progress-tracker/';
</script>
";
In this block, user input is not directly used, but if any dynamic content based on user input were output within this <script> tag, it would be a point of XSS.
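One way to close this class of bug is to encode task_name for the context it is written into, HTML or script. The PHP below is an added example, not code from update-task.php or the SourceCodester project; the helper names html_escape and js_literal and the surrounding markup are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from update-task.php.

// Encode a value for an HTML text node or a quoted attribute value.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value as a JavaScript string literal that is safe inside <script>.
// The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the value
// cannot close the script element or break out of the string literal.
function js_literal(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// Constructed sample input: the payload string quoted on this page.
$task_name = '<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';

// HTML context (for example a task list cell or the edit form's value attribute).
echo '<td>' . html_escape($task_name) . "</td>\n";
echo '<input type="text" name="task_name" value="' . html_escape($task_name) . "\">\n";

// Script context (dynamic content inside a block like the one shown above).
echo "<script>\n";
echo 'alert(' . js_literal('Task Updated Successfully: ' . $task_name) . ");\n";
echo "</script>\n";
```

Encoding at output time protects values that are already stored in the database, which input validation alone does not.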
Demonstration
Below is what Task Progress Tracker looks like:
We can add a task as follows:
Now let’s try updating the task.
Inject the following payload into the task_name form field:
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
Upon sending the traffic containing the XSS payload, we can verify the vulnerability: