CVE-2011-1062

This is a functional XSS exploit for TaskFreak! 0.6.4, demonstrating multiple injection points via crafted form inputs. The PoC uses hidden form fields with malicious JavaScript payloads to trigger XSS when submitted.

The exploit demonstrates a cross-site scripting (XSS) vulnerability in TaskFreak! 0.6.4 by injecting malicious script tags into the 'dir' and 'show' parameters of the 'print_list.php' endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.

The exploit demonstrates multiple XSS vulnerabilities in TaskFreak! v0.6.4 by injecting malicious scripts into POST parameters (sContext, sort, dir, show) and GET parameters (dir, show) via index.php and print_list.php, as well as the Referer header via rss.php. The PoC includes a form with hidden inputs and a trigger link to execute the XSS payloads.

This exploit demonstrates a cross-site scripting (XSS) vulnerability in TaskFreak! 0.6.4 by injecting malicious input into the Referer header of an HTTP request to rss.php. The lack of input sanitization allows arbitrary script execution in the context of the affected site.