ATutor 2.2.1 SQL Injection / Remote Code Execution

Posted by deepcore on March 2, 2016 – 8:02 pm

This Metasploit module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrators interface where they can upload malicious code. You are required to login to the target to reach the SQL Injection, however this can be done as a student account and remote registration is enabled by default.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [webapps] Gallery 2 < 2.0.2 – Multiple Vulnerabilities Sophos UTM 525 Full Guard Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

ATutor 2.2.1 SQL Injection / Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL