Disclosure: gtd-php Multiple Vulnerabilities

[This was originally published on OSVDB, now gone. VulnDB IDs 24149, 24150, 24151, 24152, 24153, 24154, 24155, 24156, 24157, 24158]

From: security curmudgeon
To: sjrey[at]users.sourceforge.net
Date: Sun, 19 Mar 2006 22:42:24 -0500 (EST)
Subject: gtd input sanitization (XSS) vulnerabilities

Hey Serge,

While playing with the version 0.5 demo of gtd, I noticed that the program doesn’t sanitize user input in several places. This can allow for various forms of Cross-Site Scripting (XSS) attacks. Here are the places I noticed:

Description and Title Field
Script renders when listProjects.php is called, or any page that gives the Project drop down selection.

Description and Title Field
Script renders when listList.php is called.

Description and Title Field
Script renders when listWaitingOn.php is called.

Title Field
Script renders when listChecklist.php is called.

Title Field
Script renders when reportContext.php is called.

Category Name
Script renders when creating new items (any that list a category to select).

Title Field
Script renders when listGoals.php is called.

Additionally, when playing around, some of the scripts would temporarily show output before redirecting to another page. These also render the script code, and can be called directly:



From: Serge Rey
To: security curmudgeon
Date: Sun, 19 Mar 2006 20:29:31 -0800
Subject: Re: gtd input sanitization (XSS) vulnerabilities


Thanks for taking the time to let me know about this.

I took the demo off-line for now.

We will add the filtering soon.

