CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic Learning System
Summary
Vulnerability List
1. [CVE-2020-10508] Sensitive Data Exposure
2. [CVE-2020-10509] Cross-Site Scripting (Reflected XSS)
3. [CVE-2020-10510] Broken Access Control
Details
1. Sensitive Data Exposure
Description
Improperly stores system files. Attackers can use a specific URL and capture confidential information.
Impact
The leaked personal information and login accounts of the system can be taken for further attack.
Known Affected Software
- version 8 and version 9.
2. Cross-Site Scripting (Reflected XSS)
Description
There are several parameters that were affected by reflected XSS.
Impact
If an attacker can control a script that is executed in the victim's browser, personal information may be leaked to attackers via the vulnerability.
Known Affected Software
- version 8 and version 9.
3. Broken Access Control
Description
After login, attackers can use a specific URL, access unauthorized functionality and data.
Impact
Attackers can conduct vertical privilege escalation via unauthorized page access.
Known Affected Software
- version 8 and version 9.
Credits
- Jalong Chen (CHT Security)