Exploitation Summary
EIP tracks 4 public exploits for CVE-2005-1375. PoCs published by K-C0d3r, mh_p0rtal, Sieg Fried.
AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Claroline E-Learning Application by injecting a UNION-based SQL query to extract user credentials from the database. It targets two specific endpoints: userInfo.php and exercises_details.php.
Description
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
Exploits (4)
This Perl script exploits a SQL injection vulnerability in Claroline E-Learning Application by injecting a UNION-based SQL query to extract user credentials from the database. It targets two specific endpoints: userInfo.php and exercises_details.php.
This PHP script exploits a SQL injection vulnerability in Claroline E-Learning Application by crafting malicious HTTP GET requests to extract user credentials from the database. It targets either 'userInfo.php' or 'exercises_details.php' with UNION-based SQLi payloads.
The provided text describes multiple vulnerabilities in Claroline e-Learning Application, including SQL injection, XSS, directory traversal, and remote file inclusion. It includes an example SQL injection payload but lacks executable exploit code.
The provided text describes multiple vulnerabilities in Claroline e-Learning Application, including SQL injection, XSS, directory traversal, and remote file inclusion. It includes an example SQL injection payload for exploiting the vulnerability.