List: full-disclosure
Subject: [Full-disclosure] eFront Enterprise v3.6.10 - Multiple Remote
From: "research () vulnerability-lab ! com" <research () vulnerability-lab ! com>
Date: 2011-10-28 17:14:50
Message-ID: 4EAAE30A.4040901 () vulnerability-lab ! com
Title:
======
eFront Enterprise v3.6.10 - Multiple Remote Vulnerabilities
Date:
=====
2011-10-27
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=298
VL-ID:
=====
298
Introduction:
=============
Tailored with larger organizations in mind, eFront Enterprise offers solutions for the
management of companies most valued asset - the people. Based on a coherent approach to human
capital management which keeps the workforce actively engaged, the eFront Enterprise platform
offers the means of aligning learning programs with business goals to cultivate employee
skills and knowledge associated with business performance. eFront Enterprise builds on top of
eFront Educational.
(Copy of the Vendor Homepage: http://efrontlearning.net/product/efront-enterprise.html)
Abstract:
=========
An anonymous researcher of the Vulnerability Laboratory Team discovered multiple remote
vulnerabilities in eFront Enterprise CMS v3.6.10.
Report-Timeline:
================
2011-10-20: Vendor Notification
2011-10-21: Vendor Response/Feedback
2011-10-26: Vendor Fix/Patch
2011-10-27: Public or Non-Public Disclosure
Status:
========
Published
Exploitation-Technique:
=======================
Remote
Severity:
=========
Critical
Details:
========
1.1
An anonymous researcher of the Vulnerability Laboratory Team discovered multiple SQL
injection vulnerabilities in eFront Enterprise CMS v3.6.10. The vulnerabilities allow a remote
attacker or a local low-privileged user account (trainee) to inject their own SQL
commands/statements through a vulnerable parameter. Successful exploitation of the SQL
injection vulnerabilities can result in DBMS and CMS compromise.
Vulnerable Module(s):
[+] survey
Vulnerable File(s):
[+] professor.php
Vulnerable Param(s):
[+] ?ctg=survey&surveys_ID=
[+] ?ctg=survey&screen_survey=
1.2
An anonymous researcher of the Vulnerability Lab Team discovered a database disclosure
vulnerability in eFront Enterprise CMS v3.6.10. Successful exploitation can result in
theft of the database after an upgrade or installation of the CMS.
Vulnerable Module(s):
[+] Install
Vulnerable File(s):
[+] install.php
Vulnerable Param(s):
[+] ?step=2&upgrade=1
Proof of Concept:
=================
The vulnerabilities can be exploited by remote attackers and local low-privileged user accounts.
For demonstration or to reproduce ...
1.1 - SQL Injection Vulnerabilities
PoC:
http://xxx.com/enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=0--
http://xxx.com/enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=1--
1.2 - Database Disclosure Vulnerability
PoC:
http://www.xxx.com/e-learning/www/install2/install.php?step=2&upgrade=1 <View Source>
Solution:
=========
2011-10-26: Vendor Fix/Patch => http://forum.efrontlearning.net/viewtopic.php?f=15&t=3501
Risk:
=====
The security risk of the vulnerabilities is estimated as high(+).
Credits:
========
Vulnerability Research Laboratory - Mohammed Abdelkader A.
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty.
Vulnerability-Lab disclaims all warranties, either expressed or implied, including the
warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or
its suppliers are not liable in any case of damage, including direct, indirect, incidental,
consequential loss of business profits or special damages, even if Vulnerability-Lab or its
suppliers have been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so the foregoing
limitation may not apply. Any modified copy or reproduction, including partially usages, of
this file requires authorization from Vulnerability-Lab. Permission to electronically
redistribute this alert in its unmodified form is granted. All other rights, including the use
of other media, are reserved by Vulnerability-Lab or its suppliers.
Copyright © 2011|Vulnerability-Lab
--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
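
Added example, not part of the original advisory or of eFront's code: a log-review check in Python that flags the two request patterns the advisory describes, non-integer values in the surveys_ID and screen_survey parameters of professor.php and requests for the installer's upgrade step. It assumes a common/combined access-log format and that legitimate values of both parameters are plain integers; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names as injectable in professor.php (ctg=survey).
SURVEY_PARAMS = ("surveys_ID", "screen_survey")
# Assumption: legitimate values for both parameters are plain decimal integers.
INTEGER = re.compile(r"\d+")
# Request part of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(target):
    """Return a list of findings for one request target (path plus query)."""
    parts = urlsplit(target)
    # parse_qs percent-decodes and turns '+' into a space, as the server would.
    query = parse_qs(parts.query, keep_blank_values=True)
    script = parts.path.rsplit("/", 1)[-1].lower()
    findings = []
    if script == "professor.php" and "survey" in query.get("ctg", []):
        for name in SURVEY_PARAMS:
            for value in query.get(name, []):
                if not INTEGER.fullmatch(value):
                    findings.append(f"non-integer {name}={value!r}")
    if script == "install.php" and "2" in query.get("step", []) \
            and "1" in query.get("upgrade", []):
        findings.append("installer upgrade step requested")
    return findings


def scan(lines):
    """Yield (line_number, finding) for every suspicious access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for finding in classify(match.group(1)):
                yield number, finding


# Constructed sample log lines (documentation address range, paths as in the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Oct/2011:10:00:01 +0000] "GET /enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Oct/2011:10:00:07 +0000] "GET /enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=0-- HTTP/1.1" 200 2210',
    '192.0.2.44 - - [27/Oct/2011:10:00:09 +0000] "GET /e-learning/www/install2/install.php?step=2&upgrade=1 HTTP/1.1" 200 18433',
    '192.0.2.10 - - [27/Oct/2011:10:00:12 +0000] "GET /enterprise/www/professor.php?ctg=lessons HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```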