Vulnerabilities in TUTOS
From: Joxean Koret (joxeankoret yahoo.es)
Date: Sat Sep 18 2004 - 15:46:09 CDT
---------------------------------------------------------------------------
Multiple Vulnerabilities in TUTOS
---------------------------------------------------------------------------
Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TUTOS 1.1 (2004-04-14) and prior versions
TUTOS is a tool to manage the organizational needs of
small groups, teams, departments ... To do this it
provides some web-based tools.
Web : http://www.tutos.org
---------------------------------------------------------------------------
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. SQL Injection.
SQL commands can be inserted into the query run by
/file/file_overview.php through the link_id parameter,
which is not sanitized before use.
To try this:
http://<site-with-tutos>/file/file_overview.php?link_id=1005'asdf
B. Cross Site Scripting
B1. In the address book the search field is
vulnerable to XSS. You can try it by simply:
1.- Logging into TUTOS
2.- Clicking on the Address Module
3.- Inserting the following data in the search field:
"><script>alert(document.cookie)</script>
4.- You will see your cookie
B2. The app_new.php script has another XSS
vulnerability, in the t parameter.
Try the following URL:
http://<site-with-tutos>/app_new.php?t=200408240<script>alert(document.cookie)</script>
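The two request shapes above (a quote appended to link_id, and markup injected into a search term or the t parameter) are easy to spot in web-server logs and easy to reject at the input boundary. The following Python script is an added example, not code from the advisory or from the TUTOS project: it parses constructed Apache-style access-log lines carrying the advisory's two URLs, flags a non-numeric link_id and any parameter containing script markup, and shows the allowlist check and output encoding that neutralize such values. It assumes link_id is meant to be an integer (the advisory's example value is 1005); the address-module search script path is a placeholder, since the advisory does not name it.

```python
"""Detect the request shapes from the TUTOS advisory in access logs, and show
the allowlist check and output encoding that would have rejected them."""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: link_id is a numeric identifier (the advisory's example is 1005),
# so anything that is not pure ASCII digits is an injection attempt or a bug.
NUMERIC_PARAMS = {"link_id"}

# Markup fragments that have no business in a search term or an id value:
# an opening script tag, a quote closing an attribute, or a closing tag.
MARKUP_RE = re.compile(r"<\s*script|\"\s*>|</", re.IGNORECASE)

# Common Log Format: client ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$'
)

# Constructed sample log lines (not real traffic). Lines 2-4 carry the
# advisory's payloads, URL-encoded as a browser would send them. The address
# search script path is a placeholder; the advisory does not name it.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Sep/2004:15:46:09 -0500] "GET /file/file_overview.php?link_id=1005 HTTP/1.1" 200 4021
10.0.0.5 - - [18/Sep/2004:15:46:10 -0500] "GET /file/file_overview.php?link_id=1005'asdf HTTP/1.1" 200 512
10.0.0.5 - - [18/Sep/2004:15:46:11 -0500] "GET /app_new.php?t=200408240%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 3310
10.0.0.5 - - [18/Sep/2004:15:46:12 -0500] "GET /PLACEHOLDER_address_search.php?q=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2890
"""


def parse_access_line(line):
    """Split one access-log line into client, path and decoded query params."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    client, ts, method, target, status = m.groups()
    parts = urlsplit(target)
    return {
        "client": client,
        "time": ts,
        "method": method,
        "path": parts.path,
        "params": parse_qs(parts.query, keep_blank_values=True),
        "status": int(status),
    }


def strict_id(value):
    """Allowlist check for an integer id: returns int, or None to reject.
    isascii() guards against Unicode digits that isdigit() would accept."""
    return int(value) if value.isascii() and value.isdigit() else None


def check_request(path, params):
    """Return a list of findings for one request's decoded parameters."""
    findings = []
    for name, values in params.items():
        for v in values:
            if name in NUMERIC_PARAMS and strict_id(v) is None:
                findings.append(f"non-numeric {name}={v!r} on {path}")
            if MARKUP_RE.search(v):
                findings.append(f"markup in {name}={v!r} on {path}")
    return findings


def scan_log(text):
    """Run check_request over every parseable line; keep only hits."""
    hits = []
    for line in text.splitlines():
        rec = parse_access_line(line)
        if rec is None:
            continue
        findings = check_request(rec["path"], rec["params"])
        if findings:
            hits.append((rec["client"], rec["path"], findings))
    return hits


def render_search_term(term):
    """Output encoding that turns the address-book payload into inert text
    when the search term is echoed back into the page."""
    return html.escape(term, quote=True)


if __name__ == "__main__":
    for client, path, findings in scan_log(SAMPLE_LOG):
        print(client, path, "; ".join(findings))
    print(render_search_term('"><script>alert(document.cookie)</script>'))
```

Run as a script it prints three flagged requests and the escaped search term; the benign link_id=1005 request produces no finding. In the application itself the same two controls apply: reject link_id unless strict_id accepts it (and bind the integer as a query parameter rather than concatenating it), and pass any echoed user input through HTML escaping.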
The fix:
~~~~~~~~
The author has fixed all the problems. A new
release will be available soon and will include
all the fixes (currently on the way to CVS).
Disclaimer:
~~~~~~~~~~~
The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind. I am not liable for any direct
or indirect damages caused as a result of using the
information or demonstrations provided in any part
of this advisory.
---------------------------------------------------------------------------
Contact:
~~~~~~~~
Joxean Koret at
joxeanpiti<<<<<<<<
>>>>>>>>yah00<<<<<<dot>>>>>es