# Exploit Title: IFrame Injection/Cross Site Scripting Zoho Planner
# Date: 26.03.2012
# Author: Sony and Flexxpoint
# Software Link: https://planner.zoho.com/login.do
# Web Browser: Mozilla Firefox
# Blog Flexxpoint: http://flexxpoint.blogspot.com/
# Blog Sony: http://st2tea.blogspot.com
# Site: http://insecurity.ro
# PoC: http://st2tea.blogspot.com/2012/03/iframe-injection-zoho-planner.html

..................................................................

Well, we have a simple IFrame Injection in Zoho Planner. A lot of fields in Planner are vulnerable to IFrame Injection.

Some pics:
http://1.bp.blogspot.com/-TeEgX-Bolyo/T3BbmuhsWfI/AAAAAAAAA3o/GZ44l0hxilA/s1600/planner.JPG

And we can share this page:
http://1.bp.blogspot.com/-kDhbFNr4Bts/T3BcA6qb9nI/AAAAAAAAA30/eAVwUeu0qSs/s1600/page.JPG
http://4.bp.blogspot.com/-cKc87zx7Jp8/T3BdPwYeq8I/AAAAAAAAA4A/brbijHo-R9U/s1600/zz.JPG

Links:
https://planner.zoho.com/public/9cFPJ%2B9AHivFeKtB5e%2B2xnTSQcOn7WCf
https://planner.zoho.com/public/9cFPJ%2B9AHivFeKtB5e%2B2xq%2BYywariZ7J

Video PoC (simple):
http://www.youtube.com/embed/gUlby00Ai04

And Cross Site Scripting:
http://img62.imageshack.us/img62/9804/screenshot2732012.png

Persistent XSS:
https://planner.zoho.com/public/umYocnKNsn3FeKtB5e%2B2xkj3SVhWUBnO
http://2.bp.blogspot.com/-xqLeppn0Ljg/T3CtpbHOpiI/AAAAAAAAA4Y/qtSl4YKOP34/s1600/persistent.JPG
https://planner.zoho.com/public/umYocnKNsn3FeKtB5e%2B2xnTSQcOn7WCf

P.S. The IFrame Injection can also be seen in Zoho Bugtracker (change status):
http://2.bp.blogspot.com/-ui927W7TCcE/T3BjV8cgG3I/AAAAAAAAA4M/0wq-pZCAGAc/s1600/zoho-status.JPG
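The root cause the advisory describes is stored field text being written into a shared page as raw HTML. The following is an added illustration, not code from the advisory or from Zoho: the vulnerable rendering pattern next to its output-encoded form, plus a parser-based audit that flags stored values already carrying active markup (iframe, script, event-handler attributes) so existing data can be cleaned up. Field names and sample values are constructed.

```python
import html
from html.parser import HTMLParser

# Constructed sample values, shaped like what a planner "notes" field might store.
SAMPLE_FIELDS = {
    "clean": "Buy milk & eggs before Friday",
    "iframe": 'Meeting notes <iframe src="http://attacker.example/"></iframe>',
    "script": "TODO <script>alert(1)</script>",
    "event_handler": '<img src=x onerror="alert(1)">',
}


def render_unsafe(title: str, note: str) -> str:
    """Vulnerable pattern: stored field text is concatenated straight into the page HTML."""
    return f"<h2>{title}</h2><div class='note'>{note}</div>"


def render_safe(title: str, note: str) -> str:
    """Hardened pattern: every stored value is HTML-entity encoded at output time,
    so an injected <iframe> is displayed as text instead of being interpreted."""
    return (f"<h2>{html.escape(title, quote=True)}</h2>"
            f"<div class='note'>{html.escape(note, quote=True)}</div>")


class _MarkupAudit(HTMLParser):
    """Collects risky tags and inline event-handler attributes from a stored value."""
    RISKY_TAGS = {"iframe", "script", "object", "embed", "frame"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in self.RISKY_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, _value in attrs:
            if name and name.lower().startswith("on"):
                self.findings.append(f"attr:{tag}@{name}")


def audit_field(value: str) -> list:
    """Return a list of findings for a stored field value; empty means no active markup.
    Uses a real HTML tokenizer rather than a regex so attribute-based vectors are caught."""
    parser = _MarkupAudit()
    parser.feed(value)
    parser.close()
    return parser.findings
```

Running `audit_field` over every stored field is a one-off data clean-up check; the permanent fix is the output encoding in `render_safe`.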