TCExam <=11.2.011 Multiple SQL Injection Vulnerabilities
Title: TCExam <=11.2.011 Multiple SQL Injection Vulnerabilities
Advisory ID: ZSL-2011-5026
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (3/5)
Release Date: 13.07.2011
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
[10.07.2011] Initial contact with the vendor.
[11.07.2011] Vendor responds asking more details.
[11.07.2011] Sent details to vendor.
[12.07.2011] Vendor confirms the issues.
[12.07.2011] Working with the vendor.
[13.07.2011] Vendor releases version 11.2.012 to address these issues.
[13.07.2011] Coordinated public security advisory released.
High five to Dr. Nicola Asuni
[2] http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT
[3] http://www.exploit-db.com/exploits/17529/
[4] http://packetstormsecurity.org/files/103040
[5] http://securityreason.com/wlb_show/WLB-2011070041
[6] http://www.securityfocus.com/bid/48670
[7] http://xforce.iss.net/xforce/xfdb/68549
[14.07.2011] - Added reference [4], [5] and [6]
[19.07.2011] - Added reference [7]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2011-5026
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (3/5)
Release Date: 13.07.2011
Summary
TCExam is a FLOSS system for electronic exams (also know as CBA - Computer-Based Assessment, CBT - Computer-Based Testing or e-exam) that enables educators and trainers to author, schedule, deliver, and report on quizzes, tests and exams.Description
Input passed via multiple parameters to multiple scripts is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.Vendor
Tecnick.com s.r.l. - http://www.tcexam.orgAffected Version
11.2.009, 11.2.010 and 11.2.011Tested On
Microsoft Windows XP Professional SP3 (EN)Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
[09.07.2011] Vulnerability discovered.[10.07.2011] Initial contact with the vendor.
[11.07.2011] Vendor responds asking more details.
[11.07.2011] Sent details to vendor.
[12.07.2011] Vendor confirms the issues.
[12.07.2011] Working with the vendor.
[13.07.2011] Vendor releases version 11.2.012 to address these issues.
[13.07.2011] Coordinated public security advisory released.
PoC
tcexam_sqli.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>High five to Dr. Nicola Asuni
References
[1] http://sourceforge.net/projects/tcexam/files/tcexam_11_2_012.zip[2] http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT
[3] http://www.exploit-db.com/exploits/17529/
[4] http://packetstormsecurity.org/files/103040
[5] http://securityreason.com/wlb_show/WLB-2011070041
[6] http://www.securityfocus.com/bid/48670
[7] http://xforce.iss.net/xforce/xfdb/68549
Changelog
[13.07.2011] - Initial release[14.07.2011] - Added reference [4], [5] and [6]
[19.07.2011] - Added reference [7]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk