[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ATutor 1.6.4 Multiple Cross Site Scripting Vulnerability

Author
Itsecteam
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11203
Category
web applications
Date add
11-03-2010
Platform
unsorted
========================================================
ATutor 1.6.4 Multiple Cross Site Scripting Vulnerability
========================================================

Topic : ATutor 1.6.4
Bugs Type : Cross Site Scripting (all of them)
Credit : ItSecTeam
Remote : Yes
Status : Bug
 
# Dork : "ATutor 1.6.4"

########################## Exploit #############################
the bugs can be explited as below:
 
#1: After logging in as an instructor go to manage section and add a poll and inject your XSS code as a questaion or choices.
#2: After logging in as an instructor go to manage section and Create a new Group and inject your XSS code as title or group type.
#3: After logging in as an instructor go to manage section and Add an Assignment with XSS code as title.



#  0day.today [2024-12-24]  #