---------------------------------------------------------------------------
                    Multiple Vulnerabilities in TUTOS
---------------------------------------------------------------------------

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

TUTOS 1.1 (2004-04-14) and prior versions

TUTOS is a tool to manage the organizational needs of small groups,
teams, departments ... To do this it provides some web-based tools.

Web : http://www.tutos.org

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. SQL Injection.

You can insert SQL commands into /file/file_overview.php through the
link_id parameter.

To try this : http:///file/file_overview.php?link_id=1005'asdf

B. Cross Site Scripting

B1. In the address book the search field is vulnerable to XSS. You can
try it by simply :

    1.- Logging into TUTOS
    2.- Click on the Address Module
    3.- In the search field insert the following data :

        "><script>alert(document.cookie)</script>

    4.- You will see your cookie

B2. In the app_new.php script there is another XSS vulnerability.
Try the following URL :

http:///app_new.php?t=200408240<script>alert(document.cookie)</script>

The fix:
~~~~~~~~

The author has fixed all the problems. A new release will be available
soon and will include all the fixes (currently on the way to CVS).

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its demonstrations is
provided "as is" without any warranty of any kind.

I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory.

---------------------------------------------------------------------------

Contact:
~~~~~~~~

Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<>>>>es
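
Added example (not part of the original advisory or of TUTOS): a log check an administrator of an affected install could run to find requests matching issues A and B2 above. It assumes link_id and t normally carry digits only (inferred from the advisory's sample values), Common Log Format input, and a constructed /tutos install prefix; B1 is not covered because the advisory does not name the address book script or parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory. "Digits only" is an
# assumption drawn from its sample values (1005, 200408240).
NUMERIC_PARAMS = {
    "/file/file_overview.php": "link_id",
    "/app_new.php": "t",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]+")


def suspicious_requests(log_lines):
    """Return (script, param, decoded_value) for every request whose
    advisory-listed parameter contains anything other than digits."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        url = urlsplit(match.group(1))
        for script, param in NUMERIC_PARAMS.items():
            if not url.path.endswith(script):
                continue
            # parse_qsl percent-decodes, so %27 and %3Cscript%3E are caught too
            for key, value in parse_qsl(url.query, keep_blank_values=True):
                if key == param and not DIGITS_RE.fullmatch(value):
                    hits.append((script, param, value))
    return hits


# Constructed access-log lines for illustration, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Aug/2004:10:00:01 +0200] "GET /tutos/file/file_overview.php?link_id=1005 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [24/Aug/2004:10:00:07 +0200] "GET /tutos/file/file_overview.php?link_id=1005%27asdf HTTP/1.1" 200 812',
    '192.0.2.11 - - [24/Aug/2004:10:00:09 +0200] "GET /tutos/app_new.php?t=200408240%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2048',
    '192.0.2.12 - - [24/Aug/2004:10:01:00 +0200] "GET /tutos/app_new.php?t=200408240 HTTP/1.1" 200 2040',
]

if __name__ == "__main__":
    for script, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{script}: {param}={value!r}")
```

The same digits-only rule, applied server-side before the value reaches the SQL query or the page output, is the corresponding input check for both parameters.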