BugTraq
Vulnerabilities in TUTOS Sep 18 2004 08:46PM
Joxean Koret (joxeankoret yahoo es)


------------------------------------------------------------------------
---

Multiple Vulnerabilities in TUTOS

------------------------------------------------------------------------
---

Author: Jose Antonio Coret (Joxean Koret)

Date: 2004

Location: Basque Country

------------------------------------------------------------------------
---

Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TUTOS 1.1 (2004-04-14) and prior versions

TUTOS is a tool to manage the the

organizational needs of small groups, teams,

departments ... To do this it provides some

web-based tools.

Web : http://www.tutos.org

------------------------------------------------------------------------
---

Vulnerabilities:

~~~~~~~~~~~~~~~~

A. SQL Injection.

You can insert sql commands in

the /file/file_overview.php by inserting

it in the link_id parameter.

To try this :

http://<site-with-tutos>/file/file_overview.php?link_id=1005'asdf

B. Cross Site Scripting

B1. In the address book the search field is

vulnerable to XSS. You can

try it by simply :

1.- Logging into TUTOS

2.- Click on the Address Module

3.- In the search field insert the following

data :

"><script>alert(document.cookie)</script>

4.- You will see your cookie

B2. In the app_new.php script there is also an

other xss vulnerability.

Try the following URL :

http://<site-with-tutos>/app_new.php?t=200408240<script>alert(docu
ment.cookie)</script>

The fix:

~~~~~~~~

The author has fixed all the problems. As a new

relase wil be available soon

this release will have all the fixes included.

(Currently on the way to CVS).

Disclaimer:

~~~~~~~~~~~

The information in this advisory and any of its

demonstrations is provided

"as is" without any warranty of any kind.

I am not liable for any direct or indirect damages

caused as a result of

using the information or demonstrations

provided in any part of this

advisory.

------------------------------------------------------------------------
---

Contact:

~~~~~~~~

Joxean Koret at

joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus