Pre-auth OS Command Injection on SUNNET WMPro
The WMPro v5.0 and v5.1 eLearning system has an OS command injection vulnerability in "/teach/course/doajaxfileupload.php". This affects many eLearning systems of governments, organizations, companies and universities. The target server can be exploited without authentication.
The injection point is the basePath parameter of "/teach/course/doajaxfileupload.php".
OS commands can be executed through the basePath parameter without authentication.
Because no authentication is required, an attacker can execute OS commands and upload a web shell to the target server.
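As an added defensive example that is not part of the advisory: a small Python scanner over constructed Apache-style access log lines that flags requests to the vulnerable endpoint whose basePath value, after URL decoding, contains shell metacharacters. The sample log lines and the metacharacter heuristic are assumptions, not data from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named in the advisory.
VULN_PATH = "/teach/course/doajaxfileupload.php"
PARAM = "basePath"

# Heuristic (assumption): an upload directory path should never contain
# shell metacharacters, so their presence in basePath is a strong signal.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r]")

# Common log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /teach/course/doajaxfileupload.php?basePath=%2Fupload%2F%3Bid HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /teach/course/doajaxfileupload.php?basePath=%2Fupload%2Fcourse1%2F HTTP/1.1" 200 44',
    '192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET /teach/course/index.php?id=3 HTTP/1.1" 200 2048',
]


def suspicious_basepath(value: str) -> bool:
    """True if the basePath value carries shell metacharacters.

    unquote() is applied once more to catch double-encoded values; parse_qs
    has already decoded a single layer when called via scan_access_log.
    """
    return bool(SHELL_META.search(unquote(value)))


def scan_access_log(lines):
    """Return (client_ip, request_target) for each request that hits the
    vulnerable endpoint with a suspicious basePath value."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ip, _method, target, _status = m.groups()
        parts = urlsplit(target)
        if parts.path != VULN_PATH:
            continue
        if any(suspicious_basepath(v) for v in parse_qs(parts.query).get(PARAM, [])):
            hits.append((ip, target))
    return hits


if __name__ == "__main__":
    for ip, target in scan_access_log(SAMPLE_LOG):
        print(f"ALERT {ip} -> {target}")
```

The parameter may also arrive in a POST body, which standard access logs do not record, so the same check should be applied at a WAF or full-request logging layer for complete coverage.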
Compromised target servers with web shells uploaded.
- Tony Kuo (CHT Security)
- Tree Chiu (CHT Security)