ATutor Multiple XSS Vulnerabilities
洪光霁
ATutor is "a web based education portal". Multiple cross site scripting vulnerabilities have been discovered in the ATutor program allowing a remote attacker to embed arbitrary HTML and/or JavaScript into the web site displayed by the product.
Credit:
The information has been provided by h4cky0u.[@more@]
Credit:
The information has been provided by h4cky0u.[@more@]
Vulnerable Systems:
* ATutor version 1.5.1
Proof of Concepts:
The following URLs can be used to trigger the vulnerabilities:
http://localhost/tour/login.php?course=">>
http://localhost/tour/search.php?search=1&search=1 &words=">&include=all&find_in=all&display_as=pages
By matrix_killer');&include=all&find_in=all&display_as=pages&submit=Search
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/83980/viewspace-804885/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/83980/viewspace-804885/
类似资料: