efront-312-xss.txt

2008-01-24T00:00:00
ID PACKETSTORM:62941
Type packetstorm
Reporter fuzion
Modified 2008-01-24T00:00:00

Description

                                        
                                            `   
Product:  
efront e-learning LMS 3.1.2  
http://www.efrontlearning.net/  
  
Vulnerable:  
http://[site]/index.php?message=[xss]  
http://[site]/send_file.php?message=[xss]  
  
Extra:  
send_file.php does not require any privileges to upload. Note that exe, php, and php3 filetypes are denied by default.  
Uploaded files are stored in http://[site]/content/lessons/Students/  
  
Greetings to:  
d3hydr8, whoami, beenu, kasi, MosDef, etc  
Everyone at darkc0de.com & rootmybox.org`
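
A defender can check web server access logs for requests that put markup into the `message` parameter of the two scripts listed above. The following is an added example, not part of the original advisory: the log lines are constructed, the combined log format is assumed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Scripts and parameter named in the advisory.
ENDPOINTS = ("/index.php", "/send_file.php")
PARAM = "message"
# Heuristic: characters that let a reflected value leave HTML text or an attribute.
MARKUP = re.compile(r'[<>"]')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo up to `rounds` extra layers of percent-encoding (double encoding)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, path, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # The LMS may live in a subdirectory, so match on the script name.
        if not url.path.endswith(ENDPOINTS):
            continue
        # parse_qs removes one encoding layer; decode_fully removes the rest.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = decode_fully(raw)
            if MARKUP.search(value):
                hits.append((number, url.path, value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jan/2008:10:00:01 +0000] "GET /index.php?message=Welcome+back HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Jan/2008:10:02:11 +0000] "GET /index.php?message=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [24/Jan/2008:10:02:40 +0000] "GET /elearn/send_file.php?message=%253Cb%253Ex%253C%252Fb%253E HTTP/1.1" 200 812',
    '198.51.100.7 - - [24/Jan/2008:10:05:00 +0000] "GET /content/lessons/Students/notes.pdf HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Only the query string is inspected here; a `message` value sent in a POST body does not appear in a standard access log and needs application or WAF logging to be seen.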