HTB23182: SQL Injection in Chamilo LMS

    • #8620
      AndyP
      Participant

      Advisory ID: HTB23182
      Product: Chamilo LMS
      Vendor: Chamilo Association
      Vulnerable Versions: 1.9.6 and probably prior
      Tested Version: 1.9.6
      Advisory Publication: November 6, 2013 [without technical details]
      Vendor Notification: November 6, 2013
      Vendor Fix: November 9, 2013
      Public Disclosure: November 27, 2013
      Latest Update: November 8, 2013
      Vulnerability Type: SQL Injection [CWE-89]
      CVE Reference: CVE-2013-6787
      Risk Level: Medium
      CVSSv2 Base Score: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
      Solution Status: Fixed by Vendor
      Discovered and Provided: High-Tech Bridge Security Research Lab

      Advisory Details:
      High-Tech Bridge Security Research Lab discovered a vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks.

      1) SQL Injection in Chamilo LMS: CVE-2013-6787
      The vulnerability exists due to insufficient validation of the “password0” HTTP POST parameter passed to the “/main/auth/profile.php” script. A remote authenticated attacker can execute arbitrary SQL commands in the application’s database.
      The following exploitation example displays the version of the MySQL server:

      Successful exploitation of this vulnerability requires that the application is configured during installation not to encrypt users’ passwords (“Encryption method” option is set to “none”).

      Solution:
      Edit the source code and apply changes according to the vendor’s instructions.

      More Information:
      https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-10-2013-11-06-Moderate-risk-SQL-Injection-in-specific-unrecommended-case


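Added example, not part of the original advisory and not Chamilo's code: a minimal Python/SQLite model of why the "Encryption method" = "none" precondition matters, and of the corrected pattern using bound parameters. It assumes the password value is pasted into the query text after the configured encoding is applied; the table, column and function names are hypothetical, and the sample row and probe string are constructed.

```python
import hashlib
import sqlite3

def encode(password, method):
    """Model of the install-time "Encryption method" option (assumed behaviour)."""
    if method == "none":
        return password  # raw user input is kept as-is
    # Models a hashing option: only characters [0-9a-f] reach the query.
    return hashlib.sha1(password.encode()).hexdigest()

def make_db(method):
    # Constructed sample data: one user whose real password is "s3cret".
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user_id INTEGER, password TEXT)")
    conn.execute("INSERT INTO user VALUES (?, ?)", (1, encode("s3cret", method)))
    return conn

def check_concat(conn, user_id, password0, method):
    """Weak pattern: the encoded value is pasted into the SQL text."""
    sql = ("SELECT COUNT(*) FROM user WHERE user_id = %d AND password = '%s'"
           % (user_id, encode(password0, method)))
    return conn.execute(sql).fetchone()[0] > 0

def check_bound(conn, user_id, password0, method):
    """Corrected pattern: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT COUNT(*) FROM user WHERE user_id = ? AND password = ?"
    return conn.execute(sql, (user_id, encode(password0, method))).fetchone()[0] > 0

def run_cases():
    probe = "wrong' OR '1'='1"  # constructed input containing a quote character
    results = {}
    for method in ("none", "sha1"):
        conn = make_db(method)
        results[method] = {
            "concat_probe": check_concat(conn, 1, probe, method),
            "bound_probe": check_bound(conn, 1, probe, method),
            "bound_real": check_bound(conn, 1, "s3cret", method),
        }
    return results

if __name__ == "__main__":
    for method, row in run_cases().items():
        print(method, row)
```

In this model the concatenated check accepts the probe only when the method is "none"; the bound-parameter check rejects it under both settings and still accepts the real password.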