E-School Management System XSS vuln.
###############################################
Vuln. discovered by : r0t
Date: 27 march 2006
vendor:www.calorisplanitia.com/e-school-management-system.aspx
affected versions: 1.0 and prior
orginal advisory:
http://pridels.blogspot.com/2006/03/e-school-management-system-xss-vuln.html
###############################################
Vuln. description:
E-School Management System contains a flaw that allows a remote cross site
scripting attack. This flaw exists because input passed to "msg" parameter
in "default.asp" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship between the
browser and the server, leading to a loss of integrity.
/default.asp?msg=[XSS]
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
Web Quiz pro XSS vuln.
###############################################
Vuln. discovered by : r0t
Date: 27 march 2006
vendor:www.calorisplanitia.com/online-quiz-system.aspx
affected versions: pro
orginal advisory:
http://pridels.blogspot.com/2006/03/web-quiz-pro-xss-vuln.html
###############################################
Vuln. description:
Web Quiz pro contains a flaw that allows a remote cross site scripting
attack. This flaw exists because input passed to "exam" parameter in "
prequiz.asp" and "msg" parameter in "student.asp" isn't properly sanitised
before being returned to the user.
This could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship between the
browser and the server, leading to a loss of integrity.
/prequiz.asp?examid=1&exam=[XSS]
/student.asp?msg=[XSS]
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/