Efront 3.6.11 Cross Site Scripting / Shell Upload

2012-05-07T00:00:00
ID PACKETSTORM:112496
Type packetstorm
Reporter L3b-r1'z
Modified 2012-05-07T00:00:00

Description

                                        
                                            `########################################################  
#  
# Exploit Title : Efront Multiple Vulnerabilities  
#  
# Author : IrIsT.Ir & Sec4Ever.com  
#  
# Discovered By : L3b-r1'z  
#  
# Home : http://IrIsT.Ir & http://Sec4Ever.com  
#  
# P Blob : http://L3b-r1z.com/  
#  
# Software Link : http://www.efrontlearning.net  
#  
# Security Risk : High  
#  
# Version : 3.6.11  
#  
# Tested on : win\XP  
#  
# Dork : allintext: "eFront (version 3.6.11)"  
#  
########################################################  
#  
# RFU - Remote File Upload :  
#  
# First, you have to register on the site :).  
# Then go to your profile and compose a message to everyone.  
# Upload a .php shell as ATTACHMENT, then click SEND MESSAGE.  
########################################################  
#  
# XSS :  
#  
# First, You Have To Register On The Site :).  
# Then Go To Your Profile, And Make A New Message To The Site Admin.  
# Put In The Subject Box : "><ScRiPt>alert("LOL")</ScRiPt>  
# Now Click Send Message And Enjoy.  
#  
#  
#########################################################  
#  
# Special Thx to : Irist.ir Team & Sec4ever.com Team  
#  
#########################################################  
#  
# Greet'z : Am1r, The Injector, Sec4ever, b0x, Paulzz, Virus-Ra3ech, Damane2011,  
# Hacker-1420, Th3 Killer Dz, OVER-X <3, Stalk3r, The Viper, N4ss1m, B07 M4S73R,  
# Ked-Ans, And All Members Of Irist And Sec4ever  
#  
#########################################################  
  
--   
Proud To Be Lebanese :D  
  
I Will Miss You My Friends : b0x, Virus-Ra3ch, Damane2011, Hacker-1420, The  
Injector, N4ss1m, Sec4ever, B07 M4S73R, Stalk3r, Hacker-Dz, Mr.XKILLeR, The  
Viper, Th3 Killer Dz, Over-X <3, And All My Friends.  
  
Sec4ever.com.  
`
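
The two issues reported above call for output-encoding the message subject and restricting what a message attachment upload may store. The PHP below is an added example, not eFront code and not part of the original advisory; the function names, the extension allowlist and a storage directory outside the web root are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from eFront.

// Extensions accepted for message attachments (assumed policy; adjust per site).
const ALLOWED_ATTACHMENT_EXT = ['pdf', 'txt', 'png', 'jpg', 'jpeg', 'zip'];

/**
 * Encode a message subject for output in HTML text or a quoted attribute,
 * so markup in the subject is displayed as text instead of being parsed.
 */
function render_subject(string $subject): string
{
    return htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate one entry of $_FILES and store it under a server-generated name.
 * $storageDir is assumed to be outside the web root, or to have script
 * execution disabled. Returns the stored path, or null when rejected.
 */
function store_attachment(array $file, string $storageDir): ?string
{
    // Only accept files that PHP itself received through an HTTP upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // Allowlist the final extension; anything else (.php, .phtml, ...) is refused.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_ATTACHMENT_EXT, true)) {
        return null;
    }

    // Discard the client-supplied name entirely, so double extensions such as
    // "name.php.jpg" never reach the filesystem.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// The subject string from the advisory, rendered as inert text.
echo render_subject('"><ScRiPt>alert("LOL")</ScRiPt>'), PHP_EOL;
```

Serving stored attachments through a download script that sets `Content-Disposition: attachment` keeps the browser from rendering them inline.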