Product: ATutor
Download: https://github.com/atutor/ATutor
Vulnerable Version: 2.2.2 and probably prior
Tested Version: 2.2.2
Author: ADLab of Venustech
Advisory Details:
Advisory Details:
A Cross-Site Scripting (XSS) vulnerability was discovered in "ATutor 2.2.2", which can be exploited to execute arbitrary JavaScript code.
The parameter "url" in the file /ATutor/mods/_standard/rss_feeds/edit_feed.php is not sanitized safely, so the XSS filter can be bypassed. An attacker could execute arbitrary JavaScript code in a browser in the context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to show a pop-up message box:
The PoC (the URL-encoded value submitted for the "url" parameter) is: =file%3A%2F%2F%2Fetc%2Fpasswd+%3C%3E%3Cimg+src%3Dxx+onerror%3Dalert%281%29%3E
Decoded, the value is: file:///etc/passwd <><img src=xx onerror=alert(1)>
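The following is an added worked example, not code from the advisory or from the ATutor project. It decodes the PoC value exactly as a PHP form read would, shows why a single-pass tag-stripping filter (a hypothetical filter written here for illustration; ATutor's real filter is not reproduced) lets the payload through because the leading "<>" consumes the one removal, and contrasts that with HTML-entity encoding at output time plus a scheme check on the feed URL. The function names, the regexes and the input template are assumptions of this example.

```python
import html
import re
from urllib.parse import unquote_plus, urlparse

# URL-encoded PoC value from the advisory, as sent in the "url" parameter.
POC_ENCODED = "file%3A%2F%2F%2Fetc%2Fpasswd+%3C%3E%3Cimg+src%3Dxx+onerror%3Dalert%281%29%3E"


def decode_param(value: str) -> str:
    """Form-decode a parameter value ('+' -> space, %XX -> byte), as $_POST/$_GET would."""
    return unquote_plus(value)


# Hypothetical single-pass filter (assumption for illustration, NOT ATutor's code):
# it removes the first "<...>" token it sees, assuming one tag per value.
TAG_RE = re.compile(r"<[^>]*>")


def naive_strip_first_tag(value: str) -> str:
    """Remove only the first tag-like token; the empty '<>' in the PoC absorbs that pass."""
    return TAG_RE.sub("", value, count=1)


def render_unsafe(url: str) -> str:
    """Vulnerable pattern: raw value reflected into an attribute without encoding."""
    return f'<input type="text" name="url" value="{url}">'


def render_safe(url: str) -> str:
    """Hardened pattern: entity-encode <, >, &, and quotes before reflecting into HTML."""
    return f'<input type="text" name="url" value="{html.escape(url, quote=True)}">'


def contains_event_handler(markup: str) -> bool:
    """Crude detection used only by this example: a live <img ... onerror=> in the output."""
    return re.search(r"<img[^>]*\bonerror\s*=", markup, re.I) is not None


def is_acceptable_feed_url(url: str) -> bool:
    """Input-side check a feed editor can apply: only http(s) URLs with a host are feeds."""
    p = urlparse(url)
    return p.scheme in ("http", "https") and bool(p.netloc)


if __name__ == "__main__":
    decoded = decode_param(POC_ENCODED)
    print("decoded     :", decoded)
    print("after filter:", naive_strip_first_tag(decoded))
    print("unsafe page :", render_unsafe(naive_strip_first_tag(decoded)))
    print("safe page   :", render_safe(decoded))
    print("is feed url :", is_acceptable_feed_url(decoded))
```

Running this shows the filtered value still carries a live `<img ... onerror=...>` when reflected unencoded, while the entity-encoded rendering contains no tag at all; the scheme check additionally rejects the `file:///etc/passwd` prefix, which is not a usable RSS feed location in any case.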
@atutor
I am providing more details about this vulnerability.
Step 1: In the file /ATutor/mods/_standard/rss_feeds/edit_feed.php, while adding a news feed, the parameter "url" is "file%3A%2F%2F%2Fetc%2Fpasswd+%3C%3E%3Cimg+src%3Dxx+onerror%3Dalert%281%29%3E"
Issue has now been resolved at: 9292360
Given it is a relatively minor issue, we will release this fix in the next release (2.2.3) rather than posting a patch. Mention it's fixed in 2.2.3, or point to the git commit for the fix for earlier versions, in your report.