Claroline CMS suffers from a stored cross-site scripting vulnerability.
184a813ebf6effe0e7b33cf5cf885898222b33d2e8eca7e1cdb5e00201ce0b9c
############################### HUT CNIS #############################
# Exploit Title: Claroline CMS stored XSS Vulnerability
# Date: [2011/10/19]
# Author: S.Azadi
# Google Dork: intext:Powered by Claroline 2001 - 2009
# Vulnerability Type: Stored XSS
# Version: Claroline © 2001 2009
#---------------------------------------------------------------------
Technical Details:
PoC:
Once you create a free account and log in to Claroline, go to the option for editing your personal information: http://sitename and default path/claroline/auth/profile.php
Now edit your Name and First name with JavaScript code: <script>alert(document.cookie)</script>
With this vulnerability you can access the admin cookie and log in as the admin.
sample:
http://www.econdu.ac.bd/claroline192/ || username: dark.shadow / password: 123456
http://www.interlink.edu/claroline/uncg/ || username: dark.shadow / password: 123456
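The behaviour in the PoC comes from profile name fields being stored and later written into pages without HTML encoding. The PHP below is an added example for defenders, not Claroline code and not the advisory author's; every function name is hypothetical and the sample input is the PoC string, shown beside the encoded output, an input check, and session cookie flags that keep `document.cookie` from exposing the session.

```php
<?php
// Added illustration; not Claroline source. All function names are hypothetical.

// Vulnerable pattern: the stored profile value is concatenated into HTML as-is,
// so markup saved in a name field executes in the browser of anyone who views it.
function render_name_unsafe(string $firstName, string $lastName): string
{
    return '<td class="user">' . $firstName . ' ' . $lastName . '</td>';
}

// Hardened pattern: encode for the HTML context at output time, every time.
function render_name_safe(string $firstName, string $lastName): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<td class="user">'
        . htmlspecialchars($firstName, $flags, 'UTF-8') . ' '
        . htmlspecialchars($lastName, $flags, 'UTF-8') . '</td>';
}

// Defence in depth on input: names may hold letters, combining marks, spaces,
// dots, apostrophes and hyphens only. This does not replace output encoding.
function validate_name(string $value): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'-]{0,63}\z/u', $value) === 1;
}

// Session cookie flags (array form needs PHP 7.3+). HttpOnly hides the cookie
// from scripts; it limits cookie theft but does not fix the XSS itself.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample input: the string from the PoC above.
$stored = '<script>alert(document.cookie)</script>';

echo render_name_unsafe($stored, 'Doe'), PHP_EOL; // script tag survives intact
echo render_name_safe($stored, 'Doe'), PHP_EOL;   // angle brackets are encoded
var_dump(validate_name($stored));                 // rejected at input
var_dump(validate_name("O'Brien"));               // ordinary name accepted
```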
#
#
#
###########-HUT Center for Network and Information Security-################