ATutor search.php words Variable XSS

2005-08-18T05:36:23
ID OSVDB:18843
Type osvdb
Reporter matrix_killer(matrix_k@abv.bg)
Modified 2005-08-18T05:36:23

Description

Vulnerability Description

ATutor contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'words' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the Adaptive Technology Resource Centre has released a patch to address this vulnerability.

Manual Testing Notes

http://[target]/tour/search.php?search=1&search=1&words="><script>alert('There is no other place like 127.0.0.1');</script>&include=all&find_in=all&display_as=pages

http://[target]/tour/search.php?search=1&words="><script>alert('Found By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search
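Added example, not ATutor's code or the vendor patch: the test URLs above start the 'words' value with ">, the shape of input that closes a double-quoted HTML attribute, so this PHP example assumes search.php echoes the value back into the search box and shows that output unencoded beside the encoded form. The form markup and all function names are hypothetical, and the input is constructed to mirror the test URLs.

```php
<?php
// Added illustration; not ATutor's source. The form markup is an assumption.

// Before: the request value is concatenated into a double-quoted attribute,
// so a value starting with "> closes the attribute and then the tag.
function render_search_field_unsafe(string $words): string
{
    return '<input type="text" name="words" value="' . $words . '" />';
}

// After: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_search_field(string $words): string
{
    $encoded = htmlspecialchars($words, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="words" value="' . $encoded . '" />';
}

// Read the parameter as a string only; array input such as words[]=x
// is rejected rather than cast.
function read_words(array $query): string
{
    $value = $query['words'] ?? '';
    return is_string($value) ? $value : '';
}

// Constructed input shaped like the test URLs on this page.
$query = [
    'search' => '1',
    'words'  => '"><script>alert(1);</script>',
    'include' => 'all',
];
$words = read_words($query);

// The first line shows the attribute being closed early by the input;
// the second keeps the whole value inside the attribute as inert text.
echo render_search_field_unsafe($words), PHP_EOL;
echo render_search_field($words), PHP_EOL;
```

The same encoding has to be applied wherever else the search page prints the submitted terms, for example in a results heading.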

References:

Vendor URL: http://www.atutor.ca/
Security Tracker: 1014731
Secunia Advisory ID: 16496
Related OSVDB ID: 18842
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0261.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0600.html
ISS X-Force ID: 21910
CVE-2005-2649
Bugtraq ID: 14598