ATutor password_reminder.php forgot Variable XSS

2006-07-05T12:48:48
ID OSVDB:27021
Type osvdb
Reporter Security News()
Modified 2006-07-05T12:48:48

Description

Vulnerability Description

ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forgot' variable upon submission to the password_reminder.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.5.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forgot' variable upon submission to the password_reminder.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

/ATutor-1.5.3RC2/password_reminder.php?forgot=Email+Reminder"><script>alert(document.cookie)</script><a%20"

References:

Vendor Specific News/Changelog Entry: http://www.atutor.ca/view/3/8341/1.html Secunia Advisory ID:20941 Secunia Advisory ID:21008 Related OSVDB ID: 27022 Related OSVDB ID: 27019 Related OSVDB ID: 27020 Related OSVDB ID: 27023 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0078.html FrSIRT Advisory: ADV-2006-2691 CVE-2006-3484 Bugtraq ID: 18857