Message-ID: <20040918204609.30731.qmail@www.securityfocus.com>
Date: 18 Sep 2004 20:46:09 -0000
From: Joxean Koret <joxeankoret@...oo.es>
To: bugtraq@...urityfocus.com
Subject: Vulnerabilities in TUTOS
---------------------------------------------------------------------------
Multiple Vulnerabilities in TUTOS
---------------------------------------------------------------------------
Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TUTOS 1.1 (2004-04-14) and prior versions
TUTOS is a tool to manage the organizational needs of small groups, teams,
departments ... To do this it provides some web-based tools.
Web : http://www.tutos.org
---------------------------------------------------------------------------
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. SQL Injection.
SQL commands can be injected through the link_id parameter of
/file/file_overview.php. To try this:
http://<site-with-tutos>/file/file_overview.php?link_id=1005'asdf
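The two patterns behind this finding, as an added example that is not TUTOS code and not part of the original advisory: a request parameter concatenated straight into SQL, beside a version that validates the shape of link_id and binds it as a typed parameter. It uses an in-memory SQLite database through PDO so it runs offline; the files table, its rows and the function names are constructed here for illustration.

```php
<?php
// Added example, not TUTOS code: the unchecked pattern the advisory describes
// (request parameter concatenated into SQL) beside a validated, parameterised
// version. Uses an in-memory SQLite database via PDO so it runs offline; the
// files table and its rows are constructed here.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, link_id INTEGER, name TEXT)');
$db->exec("INSERT INTO files (link_id, name) VALUES (1005, 'report.pdf'), (1006, 'notes.txt')");

// Vulnerable pattern: link_id is pasted into the query text, so a quote in the
// value (the advisory's 1005'asdf) is parsed as part of the SQL statement.
function files_for_link_unsafe(PDO $db, string $linkId): array
{
    $sql = "SELECT name FROM files WHERE link_id = '" . $linkId . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: check the value has the shape an id must have, then bind
// it as a typed parameter so the database never parses it as SQL.
function files_for_link_safe(PDO $db, string $linkId): array
{
    if (!preg_match('/^\d{1,10}$/', $linkId)) {
        throw new InvalidArgumentException('link_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT name FROM files WHERE link_id = :id');
    $stmt->bindValue(':id', (int) $linkId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$probe = "1005'asdf";  // the advisory's test value, as it would arrive in $_GET['link_id']

try {
    files_for_link_unsafe($db, $probe);
} catch (PDOException $e) {
    // The stray quote reaches the SQL parser: the symptom the advisory reports.
    echo "unsafe: database error caused by request input: ", $e->getMessage(), "\n";
}

try {
    files_for_link_safe($db, $probe);
} catch (InvalidArgumentException $e) {
    echo "safe: ", $e->getMessage(), " (rejected before any query ran)\n";
}

// Well-formed input still works through the hardened path.
foreach (files_for_link_safe($db, '1005') as $name) {
    echo "file for link 1005: ", $name, "\n";
}
```

The shape check and the bound parameter are independent layers: the regex rejects the advisory's probe before any query is built, and the prepared statement guarantees that even a value which passes validation is transmitted as data rather than SQL text. A database error surfacing from request input, as in the unsafe path, is the signal worth alerting on in application logs.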
B. Cross Site Scripting
B1. In the address book the search field is vulnerable to XSS. You can
try it simply by:
1.- Logging into TUTOS
2.- Clicking on the Address Module
3.- Inserting the following data in the search field:
"><script>alert(document.cookie)</script>
4.- You will see your cookie
B2. The app_new.php script has another XSS vulnerability.
Try the following URL:
http://<site-with-tutos>/app_new.php?t=200408240<script>alert(document.cookie)</script>
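Both findings B1 and B2 share one root cause, a request value echoed into the page without output encoding. The following is an added example, not TUTOS code and not part of the original advisory: it renders the address-book search field and the app_new.php t parameter with and without encoding. The function names, the markup and the assumption that t is an all-digit value are mine, made for illustration.

```php
<?php
// Added example, not TUTOS code: the address-book search field and the
// app_new.php t parameter rendered with and without output encoding. The
// function names and the markup are assumptions made for illustration.

// Vulnerable: the search term is echoed into an HTML attribute unchanged, so
// the advisory's "><script>...</script> closes the attribute and the tag and
// the script runs in the victim's session.
function render_search_unsafe(string $term): string
{
    return '<input type="text" name="search" value="' . $term . '">';
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES covers both
// quote characters, ENT_SUBSTITUTE avoids dropping output on bad UTF-8, and
// the charset is stated explicitly rather than left to the default.
function render_search_safe(string $term): string
{
    $enc = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $enc . '">';
}

// app_new.php?t=... carries a numeric value (assumption), so besides encoding
// the output the parameter can be rejected outright when it is not all digits;
// a definite-shape check is cheaper and stricter than encoding alone.
function render_app_new_safe(string $t): string
{
    if ($t === '' || !ctype_digit($t)) {
        return '<p>Invalid value for parameter t.</p>';
    }
    return '<p>Appointment time: ' . htmlspecialchars($t, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$payload = '"><script>alert(document.cookie)</script>';  // the advisory's test string

echo "unsafe search markup:\n", render_search_unsafe($payload), "\n\n";
echo "safe search markup:\n", render_search_safe($payload), "\n\n";
echo "app_new with the advisory's t value:\n",
     render_app_new_safe('200408240<script>alert(document.cookie)</script>'), "\n";
echo "app_new with a well-formed t value:\n", render_app_new_safe('200408240'), "\n";
```

Output encoding has to match the context the value lands in: htmlspecialchars with ENT_QUOTES is right for HTML text and attribute values, but a value placed inside a script block or a URL needs a different encoder. Where a parameter has a known fixed shape, as t does here, validating that shape on input is the stronger first line, with encoding kept as the safety net.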
The fix:
~~~~~~~~
The author has fixed all the problems. A new release will be available soon
and will include all the fixes (currently on the way to CVS).
Disclaimer:
~~~~~~~~~~~
The information in this advisory and any of its demonstrations is provided
"as is" without any warranty of any kind. I am not liable for any direct or
indirect damages caused as a result of using the information or demonstrations
provided in any part of this advisory.
---------------------------------------------------------------------------
Contact:
~~~~~~~~
Joxean Koret at
joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es