EduSec 4.2.5 Multiple SQL Injection Vulnerabilities
Title: EduSec 4.2.5 Multiple SQL Injection Vulnerabilities
Advisory ID: ZSL-2016-5326
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 25.05.2016
Apache/2.4.12 (Ubuntu)
[12.05.2016] Vendor contacted via contact form.
[13.05.2016] Vendor contacted again via email.
[24.05.2016] No response received from the vendor.
[25.05.2016] Public security advisory released.
[2] https://cxsecurity.com/issue/WLB-2016050131
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/113512
[4] https://packetstormsecurity.com/files/137202
[26.05.2016] - Added reference [1]
[27.05.2016] - Added reference [2] and [3]
[28.05.2016] - Added reference [4]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2016-5326
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 25.05.2016
Summary
EduSec has a suite of selective modules specifically tailored to the requirements of education industry. EduSec is engineered and designed considering wide range of management functions within the university. With the use of EduSec, staff can be more accountable as it helps to know the performance of each department in just few seconds. Almost all departments within education industry (e. g. admission, administration, time table, examination, HR, finance etc) can be synchronized and accessed. EduSec helps to assign the responsibilities to employee staff and can reduce time wastage and can speed up the administrative functions. Core functions like admissions, library management, transport management, students’ attendance in short entire range of university functions can be well performed by EduSec.Description
EduSec suffers from multiple SQL Injection vulnerabilities. Input passed via multiple 'id' GET parameters are not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.Vendor
Rudra Softech - http://www.rudrasoftech.comAffected Version
4.2.5Tested On
MySQL/5.5.35-0ubuntu0.12.04.2Apache/2.4.12 (Ubuntu)
Vendor Status
[10.05.2016] Vulnerability discovered.[12.05.2016] Vendor contacted via contact form.
[13.05.2016] Vendor contacted again via email.
[24.05.2016] No response received from the vendor.
[25.05.2016] Public security advisory released.
PoC
edusec_sqli.txtCredits
Vulnerability discovered by Bikramaditya Guha - <bik@zeroscience.mk>References
[1] https://www.exploit-db.com/exploits/39856/[2] https://cxsecurity.com/issue/WLB-2016050131
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/113512
[4] https://packetstormsecurity.com/files/137202
Changelog
[25.05.2016] - Initial release[26.05.2016] - Added reference [1]
[27.05.2016] - Added reference [2] and [3]
[28.05.2016] - Added reference [4]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk