ATutor 1.6.4 – Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
7 阅读

作者： ITSecTeam

日期： 2010-03-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11685/

Topic : ATutor 1.6.4
Bugs Type : Cross Site Scripting (all of them)
Credit : ItSecTeam
Remote : Yes
Status : Bug

# mail : Bug@ItSecTeam.com
# Dork : "ATutor 1.6.4"
#Special Tnx : am!rkh@n, Amin Shokohi(Pejvak), C0M0D0, 0xd41684c654, r3dmove And All It Security Team Members
#Website : WwW.ITSecTeam.com

########################## Exploit #############################
the bugs can be explited as below:

#1: After logging in as an instructor go to manage section and add a poll and inject your XSS code as a questaion or choices.
#2: After logging in as an instructor go to manage section and Create a new Group and inject your XSS code as title or group type.
#3: After logging in as an instructor go to manage section and Add an Assignment with XSS code as title.

last Exploits
ATutor 1.6.4 – Multiple Cross-Site Scripting Vulnerabilities的更多信息

Linksys AX3200 V1.1.00 – Command Injection：
Joomla! Component com_rsgallery2 2.0 – ‘catid’ SQL Injection：
newsp.eu PHP Calendar Script 1.0 – User Credentials Disclosure：
School File Management System 1.0 – ‘username’ SQL Injection：
D-Link DSL-3782 – Authentication Bypass：
phpMyAdmin 4.8.4 – ‘AllowArbitraryServer’ Arbitrary File Read：
xClassified – ‘ads.php’ SQL Injection：
Flippa Clone – SQL Injection：