ATutor browse.php show_course Variable XSS

2005-06-16T04:43:15
ID OSVDB:17351
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2005-06-16T04:43:15

Description

Vulnerability Description

ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the show_course variable upon submission to the browse.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.5 RC3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the show_course variable upon submission to the browse.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/ATutor/browse.php?cat=0&show_course=1[XSS-CODE]

References:

Vendor URL: http://www.atutor.ca/atutor/download.php Security Tracker: 1014216 Secunia Advisory ID:15705 Related OSVDB ID: 17352 Related OSVDB ID: 17355 Related OSVDB ID: 17356 Related OSVDB ID: 17354 Related OSVDB ID: 17358 Related OSVDB ID: 17359 Related OSVDB ID: 17357 Related OSVDB ID: 17353 Other Advisory URL: http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html CVE-2005-2044 Bugtraq ID: 13972