dokeos-xss.txt

2007-12-24T00:00:00
ID PACKETSTORM:62058
Type packetstorm
Reporter DoZ
Modified 2007-12-24T00:00:00

Description

                                        
                                            `[HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities  
  
Dokeos is a learning management system used to manage e-learning. It is prone to  
multiple cross-site scripting vulnerabilities. An attacker may leverage these  
issues to have arbitrary script code execute in the browser of an unsuspecting  
user in the context of the affected site. This may help the attacker steal  
cookie-based authentication credentials and launch other attacks.  
  
  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
  
Risk: Medium  
Class: Input Validation Error  
Remote: YES  
Local: N/A  
  
  
Vendor: Dokeos http://www.dokeos.com/  
Product: Dokeos 1.8.4 & Previous  
  
  
  
* Attackers can exploit these issues via a web client.  
  
  
Exploit Path:  
  
/main/forum/viewforum.php?cidReq=[Forum-ID]&forum=XSS  
/main/forum/viewthread.php?forum=XSS  
  
  
  
/main/work/work.php?cidReq=[Forum-ID]&curdirpath=/&display_upload_form=true&origin=XSS  
  
  
  
  
  
  
Google Search:  
  
google:allinurl:"/auth/lostPassword.php"  
  
  
  
`
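
A detection sketch for the three request patterns listed above, added here as an example and not part of the original advisory: it scans web-server access-log lines for the `forum` and `origin` parameters on the named scripts and flags values that are not plain tokens. The log format, the token allow-list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and parameters named in the advisory.
WATCHED = {
    "/main/forum/viewforum.php": {"forum"},
    "/main/forum/viewthread.php": {"forum"},
    "/main/work/work.php": {"origin"},
}
# Assumption: legitimate values are short identifier-like tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,64}")
# Assumption: logs carry a quoted request line, as in Apache combined format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return [(param, decoded_value)] for watched params that are not plain tokens."""
    parts = urlsplit(url)
    # endswith() also matches installs under a sub-directory such as /dokeos/.
    watched = next((p for s, p in WATCHED.items() if parts.path.endswith(s)), None)
    if watched is None:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)  # parse_qsl decoded once; undo double encoding too
        if name in watched and not SAFE_VALUE.fullmatch(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, param, decoded_value)] for every flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            findings += [(number, n, v) for n, v in suspicious_params(match.group(1))]
    return findings

# Constructed sample log lines (documentation IP ranges, made-up course code).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Dec/2007:10:00:01 +0000] "GET /main/forum/viewforum.php?cidReq=COURSE1&forum=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Dec/2007:10:02:13 +0000] "GET /dokeos/main/forum/viewthread.php?forum=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4811',
    '198.51.100.7 - - [24/Dec/2007:10:02:40 +0000] "GET /main/work/work.php?cidReq=COURSE1&curdirpath=/&display_upload_form=true&origin=%2522%253E%253Cb%253E HTTP/1.1" 200 6022',
    '203.0.113.5 - - [24/Dec/2007:10:05:09 +0000] "GET /main/work/work.php?cidReq=COURSE1&curdirpath=/&origin=learnpath HTTP/1.1" 200 5990',
]

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name}={value!r}")
```

The allow-list is deliberately strict, so review flagged lines rather than blocking on them if a deployment passes other legitimate values in these parameters.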