Efront version 3.6.11 suffers from cross site scripting and shell upload vulnerabilities.
5c179156a4a5a17ecc6bdbcb3aafd189cc11707ca9c531ac8383372e7c32213f
########################################################
#
# Exploit Title : Efront Multiple Vulnerabilities
#
# Author : IrIsT.Ir & Sec4Ever.com
#
# Discovered By : L3b-r1'z
#
# Home : http://IrIsT.Ir & http://Sec4Ever.com
#
# P Blob : http://L3b-r1z.com/
#
# Software Link : http://www.efrontlearning.net
#
# Security Risk : High
#
# Version : 3.6.11
#
# Tested on : win\XP
#
# Dork : allintext: "eFront (version 3.6.11)"
#
########################################################
#
# RFU - Remote File Upload :
#
# First, you have to register on the site :).
# Then go to your profile and make a message to everyone,
# upload a .php shell as an ATTACHMENT, then click SEND MESSAGE.
########################################################
#
# XSS :
#
# First, You Have To Register In The Site :).
# Then Go To Your Profile, and Make a New Message To the Site Admin.
# Put In The Subject b0x : "><ScRiPt>alert("LOL")</ScRiPt>
# Now Click Send Message And Enjoy.
#
#
#########################################################
#
# Special Thx to : Irist.ir Team & Sec4ever.com Team
#
#########################################################
#
# Greet'z : Am1r, The Injector, Sec4ever, b0x, Paulzz, Virus-Ra3ech, Damane2011
# Hacker-1420, Th3 Killer Dz, OVER-X <3, Stalk3r, The Viper, N4ss1m, B07 M4S73R
# Ked-Ans, And All Members Of Irist And Sec4ever
#
#########################################################
--
Proud To Be Lebanese :D
I Will Miss You My Friends : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The
Injector, N4ss1m, Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The
Viper, Th3 Killer Dz, Over-X <3, And All My Friends.
Sec4ever.com.
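
Both issues above come from trusting user input in the messaging feature: the attachment's file type is not restricted, and the subject is written into HTML unencoded. The following is an added defensive example, not code from the advisory or from eFront; the function names, the allow-list and the storage directory are assumptions chosen for illustration.

```php
<?php
// Added example: hardened handling for a message attachment and a message subject.
// Hypothetical helper names; the allow-list below is an assumption, adjust per policy.
const ALLOWED_EXT = ['pdf', 'txt', 'png', 'jpg', 'jpeg', 'zip'];

// Map a client-supplied file name to a server-chosen one, or throw if the type is not allowed.
function safe_attachment_name(string $clientName): string
{
    $base = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, ALLOWED_EXT, true)) {
        throw new InvalidArgumentException('attachment type not allowed');
    }
    // Random name: the client never controls the stored name or any extra extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// $file is one entry of $_FILES; $storageDir should live outside the web root
// (or in a directory where the web server never executes scripts).
function store_attachment(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $name = safe_attachment_name($file['name']);
    // move_uploaded_file() only accepts files that arrived via an HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], rtrim($storageDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store attachment');
    }
    return $name;
}

// Encode the subject for HTML element and attribute context before output.
function render_subject(string $subject): string
{
    return htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs, run from the command line.
if (PHP_SAPI === 'cli') {
    echo render_subject('"><ScRiPt>alert("LOL")</ScRiPt>'), PHP_EOL;
    foreach (['notes.pdf', 'report.PDF', 'shell.php'] as $n) {
        try {
            echo $n, ' -> ', safe_attachment_name($n), PHP_EOL;
        } catch (InvalidArgumentException $e) {
            echo $n, ' -> rejected', PHP_EOL;
        }
    }
}
```

Serving stored attachments through a download script that sets `Content-Disposition: attachment` keeps allowed file types from being rendered inline in the application's origin.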