The document describes SQL injection vulnerabilities in eFront 3.6.15's new_sidebar.php module, allowing authenticated users to extract sensitive data like password hashes via crafted requests. It includes a PoC URL and HTTP response but lacks full exploit code.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:eFront 3.6.15
Auth required
Prerequisites:Authenticated access to eFront · Access to a lesson with specific conditions