######################################################## # # Exploit Title : Efront Multiple Vulnerabilities # # Author : IrIsT.Ir & Sec4Ever.com # # Discovered By : L3b-r1'z # # Home : http://IrIsT.Ir & http://Sec4Ever.com # # P Blob : http://L3b-r1z.com/ # # Software Link : http://www.efrontlearning.net # # Security Risk : High # # Version : 3.6.11 # # Tested on : win\XP # # Dork : allintext: "eFront (version 3.6.11)" # ######################################################## # # RFU - Remote File Upload : # # first, you have to register in the site :). # then go to your profile, and make messege to everyone # upload .php shell as ATTACHMENT, then click SEND MESSEGE ######################################################## # # Xss : # # First, You Have To Register In The Site :). # Then Go To Your Profile, and Make New Messege To Admin site # Put On Subject b0x : "> # Now Click Send Messege And Enjoy. # # ######################################################### # # Special Thx to : Irist.ir Team & Sec4ever.com Team # ######################################################### # # Greet'z : Am1r, The Injector, Sec4ever, b0x, Paulzz, Virus-Ra3ech, Damane2011 # Hacker-1420, Th3 Killer Dz, OVER-X <3, Stalk3r, The Viper, N4ss1m, B07 M4S73R # Ked-Ans, And All Members Of Irist And Sec4ever # ######################################################### -- Proud To Be Lebanese :D I Will Miss You My Friends : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The Injector, N4ss1m, Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The Viper, Th3 Killer Dz, Over-X <3, And All My Friends. Sec4ever.com.