Rebraws

Hi! If you have any questions or suggestions, write to me on my Twitter!

A couple of weeks ago I was looking at the new online course from Offensive Security (AWAE) and it seems very interesting, but unfortunately I can't afford it because I'm only a student, so I decided to look at the syllabus, and after reading it I set up a local lab with all those apps to exploit them by myself. Today I'm going to be writing about ATutor.

I know that ATutor 2.2.1 has a lot of SQL injection vulns, but I will start by analyzing CVE-2016-2555.

CVE-2016-2555: SQL injection vulnerability in include/lib/mysql_ in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to

So far we know that there's a SQL injection at the searchFriends function, but I want to find the vuln without using that information, so I launched Burp on my local machine and started crawling the website to find interesting endpoints (see Figure 2).

As we can see in Figure 2, we have a lot of requests (we want to focus on those with parameters). Now we can start looking at all the requests and read the source code to find vulns, or we can try to test each parameter to see if we can get something interesting (test if something breaks). I'll go with the second option and start testing/fuzzing each parameter to see if we can get something useful.

After testing everything I found three interesting things, but I'm going to start analyzing the one related to CVE-2016-2555. As we can see in Figure 3, if we add a ' to the search_friends parameter from that request, we get an error.

Note: We can get the same result by sending a POST request to /ATutor/mods/_standard/social/connections.php instead of index_public.php (I mention this because connections.php can be found without crawling).

To understand a little more about this error, we can check the log file (see Figure 4).

As we can see in Figure 4, we have a syntax error (Unterminated quoted string), so it might be possible to exploit a SQLi.
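The single-quote test on search_friends described above can be reproduced as a regression check. This is an added example, not code from the original post or from ATutor. It assumes an in-memory SQLite database as a stand-in, and the `members` table and all function names are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a member table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO members (name) VALUES (?)",
                   [("alice",), ("bob",), ("o'brien",)])
    return db

def search_concat(db, term):
    """Vulnerable pattern: the search term is pasted into the SQL text."""
    sql = ("SELECT name FROM members WHERE name LIKE '%" + term +
           "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def search_param(db, term):
    """Hardened pattern: the term is bound as data, LIKE wildcards escaped."""
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = "SELECT name FROM members WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def quote_probe(search, db):
    """Regression check: a lone single quote must be handled as plain data.
    Returns 'error' if the database rejects the statement, else the rows."""
    try:
        return search(db, "'")
    except sqlite3.OperationalError:
        return "error"

if __name__ == "__main__":
    db = make_db()
    # Concatenation: the quote ends the string early, leaving broken SQL.
    print("concatenated :", quote_probe(search_concat, db))
    # Bound parameter: the quote is searched for literally.
    print("parameterized:", quote_probe(search_param, db))
```

A search function that returns "error" from `quote_probe` is building its SQL from user input and needs the bound-parameter form.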