AContent 1.1 (category_name) Remote Script Insertion Vulnerability

2011.08.06

Credit: Gjoko 'LiquidWorm' Krstic

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

AContent 1.1 (category_name) Remote Script Insertion Vulnerability
Vendor: ATutor (Inclusive Design Institute)
Product web page: http://www.atutor.ca
Affected version: 1.1 (build r296)
Summary: AContent is an open source learning content authoring system
and respository used to create interoperable, accessible, adaptive
Web-based learning content. It can be used along with learning management
systems to develop, share, and archive learning materials.
Desc: AContent suffers from a stored cross-site scripting vulnerability.
Input thru the POST parameter 'category_name' in '/course_category/index.php'
is not sanitized allowing the attacker to execute HTML code into user's
browser session on the affected site. Auth needed for script insertion.
Tested on: Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2011-5033
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5033.php
31.07.2011
--
POST http://localhost/AContent/course_category/index.php HTTP/1.0
category_name="><script>alert(1)</script>&add=Add

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AContent 1.1 (category_name) Remote Script Insertion Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.