Claroline 1.11.8 Cross Site Scripting

2013.10.12
Credit: Arsan
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: intext:\"Powered by Claroline\"

?#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # Exploit Title: Claroline 1.11.8 Cross Site Scripting # Date: 2013 11 October # Author: Arsan # Software Homepage: http://www.claroline.net # Version : 1.11.8 # Security Risk: High # Tested on: Windows 8 # Category: webapps # Google Dork: intext:"Powered by Claroline" # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Exploit : # # [-] About Claroline : # # Claroline is an Open Source eLearning and eWorking platform allowing teachers to build # effective online courses and to manage learning and collaborative activities on the web. # Translated into 35 languages, Claroline has a large worldwide users and developers community. # # [-] Description : # # Malicious users can inject JavaScript, HTML. # and attacker can steal the session cookie and take over the account. # # 1) This vulnerability affects /claroline/index.php # # Discovered by: Scripting (XSS_in_URI.script). # /index.php?coursesearchbox_keyword=1 # # Attack details : # URI was set to "onmouseover='prompt(935555)'bad="> # The input is reflected inside a tag parameter between double quotes. # # 2) This vulnerability affects /claroline/claroline/auth/inscription.php # # Discovered by: Scripting (XSS.script). # # Attack details : # HTTP Header input Referer was set to 1_965430'():;900639 # The input is reflected inside Javascript code between single quotes. # # :) by Arsan # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Demo : # ------------------------- # http://demo.claroline.net # ------------------------- # http://claroline.fsm.ac.in/ # http://interlink.edu/claroline/uncg/ # http://claroline.city.academic.gr/ # http://claroline.hcdc.edu.ph/ # http://lms.skr.ac.th/claroline/ # http://its.mexicrea.com/ # http://eejsi.org/NL/claroline195/ # http://liceocecioni.org/elearn/claroline # http://drmasariraonline.com/claro/ # http://inatt.ru/e-learing/ # http://lfrancope.edu.pe/claronline # http://tutorshelp.co.nz/claro/ # http://designextremes.co.uk/claroline/ # http://lms2.icomunidadaprendizaje.net/ # http://henryfabian.com/ # http://continuingeducationprofessional.com/ # http://gotdiversity.com/ # http://synapse.iiml.ac.in/claroline/ # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Contact Me : # # Arsan.Blackhat@gmail.com # Twitter.com/ArsanBlackhat # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # I L0ve Inj3ct0r Team #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top