BE-Hacktive

ESKOOLY (EN version)


Dates

  • Tests: Between February 17 and 19, 2024

  • Reporting: February 20, 2024

  • CVE request: April 5, 2024

  • Publication of vulnerabilities: July 2, 2024 (after validation by ESKOOLY)

Eskooly vulnerability discovery story

Introduction

I've always been passionate about cybersecurity, and over the weekend of February 17 and 18 I had the opportunity to put my skills into practice outside my day job. A friend had asked me to check the security of a free school management application he'd found, called Eskooly. His main concern was the application's security, in particular the possibility of students stealing information or modifying their grades.

The adventure begins

I liked the idea right away. A cybersecurity challenge was exactly what I needed, so I decided to devote my weekend to the task.

Using automated tools

To get started, I used several well-known automated tools from the cybersecurity field:

  • NMAP: a port and service scanner.

  • SQLMAP: a tool for detecting and exploiting SQL injection vulnerabilities.

  • BURP (see the tutorial in Capsule 3): a tool for testing web vulnerabilities.

These tools saved time by automating part of the security testing. Automation has its limits, however: a layer of manual testing is usually needed to discover the more complex vulnerabilities, such as logic flaws in authentication that a scanner cannot recognize.

Discovering vulnerabilities

After several hours of testing, I began to find some interesting vulnerabilities. Among the critical ones discovered, here are a few examples:

  • SQL injection: this flaw made it possible to interfere with the application's SQL queries, potentially giving access to the entire database.

  • Broken authentication: no account lockout policy after repeated failed login attempts, leaving the door open to brute-force attacks on passwords.

  • Cross-site scripting (XSS): allowed the injection of malicious scripts into web pages viewed by other users, which could compromise their sessions and accounts.

  • Missing security headers: several HTTP security headers essential for protecting the application against various attacks were absent.

These vulnerabilities exposed critical information such as platform users' cleartext usernames and passwords, posing a major security risk.
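The lockout control whose absence is listed above under "Broken authentication", as an added example written for this page, not code from Eskooly or from the original write-up. It assumes a policy of five consecutive failures triggering a 15-minute lock (both figures are my assumptions), stores passwords as salted PBKDF2 hashes rather than cleartext, and answers an unknown username with the same "invalid" result, and roughly the same computation time, as a wrong password. The account name, password and clock values are constructed for the demo.

```python
"""Account lockout after repeated failed logins.

Added example for the "Broken authentication" finding (no lockout policy,
so passwords can be brute-forced). Illustrative code written for this page,
not Eskooly's code; thresholds, account name and password are constructed.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MAX_FAILURES = 5           # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 15 * 60  # assumed policy: 15-minute lockout
PBKDF2_ROUNDS = 100_000    # work factor for the stored password hash


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the cleartext password is never stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failures: int = 0          # consecutive failed attempts since the last success
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginGuard:
    """Verifies credentials and enforces a per-account lockout."""

    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self.now = now  # injectable clock so the policy can be tested deterministically
        self.accounts: Dict[str, Account] = {}
        # Dummy credential so an unknown username costs the same as a known one;
        # otherwise response time would reveal which accounts exist.
        self._dummy_salt, self._dummy_digest = hash_password(os.urandom(8).hex())

    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self.accounts[username] = Account(salt, digest)

    def login(self, username: str, password: str) -> str:
        """Return "ok", "invalid" or "locked"; unknown users get "invalid"."""
        acct = self.accounts.get(username)
        if acct is None:
            hash_password(password, self._dummy_salt)  # burn comparable time
            return "invalid"
        if acct.locked_until > self.now():
            return "locked"  # still locked: the password is not even evaluated
        _, attempt = hash_password(password, acct.salt)
        if hmac.compare_digest(attempt, acct.digest):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.failures = 0
            acct.locked_until = self.now() + LOCKOUT_SECONDS
            return "locked"
        return "invalid"


def demo() -> List[str]:
    """Five wrong guesses, the right password while locked, then after expiry."""
    clock = [1_700_000_000.0]  # constructed fixed clock, not the real time
    guard = LoginGuard(now=lambda: clock[0])
    guard.register("teacher01", "correct-horse-battery")  # constructed account
    results = [guard.login("teacher01", "wrong%d" % i) for i in range(MAX_FAILURES)]
    results.append(guard.login("teacher01", "correct-horse-battery"))  # locked
    clock[0] += LOCKOUT_SECONDS + 1
    results.append(guard.login("teacher01", "correct-horse-battery"))  # ok
    results.append(guard.login("nobody", "anything"))                  # invalid
    return results


if __name__ == "__main__":
    print(demo())
```

Run it directly to see the sequence of results; the injectable clock is what lets the lockout expiry be exercised without waiting fifteen minutes. A production version would persist the counters (database or cache) instead of a dict and would also rate-limit per source address, since a per-account lock on its own lets an attacker deny service to legitimate users simply by guessing wrong five times.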

Writing and submitting the report

On February 20, I wrote a full penetration test report detailing all the vulnerabilities discovered, with recommendations for correcting them. This report was sent directly to the Eskooly vendor.

Collaboration with the supplier

The vendor contacted me the next day, February 21, to discuss the findings. He accepted the report and asked for my help in resolving the issues identified.

Publication of vulnerabilities

On April 5, 2024, I submitted CVE requests for the discovered vulnerabilities to MITRE. Since then, we've been working closely together to improve the application's security. On July 2, 2024, the vendor gave me the go-ahead to publish these findings, enabling the CVEs to be validated and officially published.

Conclusion

It was a rewarding experience to dive into this security project, discover critical vulnerabilities, and work with the vendor to fix them. In the following articles, we'll explore in more detail how these vulnerabilities were found, exploited and, most importantly, how to remedy them.