efront e-learning LMS version 3.1.2 suffers from cross-site scripting vulnerabilities.
fuzion
Product:
efront e-learning LMS 3.1.2
http://www.efrontlearning.net/
Vulnerable:
http://[site]/index.php?message=[xss]
http://[site]/send_file.php?message=[xss]
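Added example (not part of the original advisory): a Python routine for triaging web server access logs for requests that place markup in the message parameter of the two scripts listed above. The Combined Log Format, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

ENDPOINTS = ("/index.php", "/send_file.php")  # scripts named in the advisory
PARAM = "message"                             # parameter named in the advisory

# Assumption: Common/Combined Log Format access log.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup that a plain-text status message should never contain.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?message=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Jan/2024:10:00:05 +0000] "GET /send_file.php?message=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?message=Your+session+has+expired HTTP/1.1" 200 4980',
    '192.0.2.44 - - [01/Jan/2024:10:00:12 +0000] "GET /search.php?message=%3Cb%3E HTTP/1.1" 404 210',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %253C is also seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_message_xss(log_lines):
    """Return (client, path, decoded message) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        try:
            url = urlsplit(target)
        except ValueError:
            continue  # malformed request target
        if not url.path.lower().endswith(ENDPOINTS):
            continue
        # parse_qs decodes once; fully_decode handles further layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((client, url.path, value))
    return hits
```

Hits are triage leads rather than proof of exploitation; the fix on the application side is to HTML-encode the message value wherever it is written into the page.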
Extra:
send_file.php does not require any privileges to upload. Note that exe, php, and php3 file types are denied by default.
Uploaded files are stored in http://[site]/content/lessons/Students/
Greetings to:
d3hydr8, whoami, beenu, kasi, MosDef, etc
Everyone at darkc0de.com & rootmybox.org