Skip to main content


Showing posts with the label eMLi

XSS Vulnerability in Multiple eMLi Products

Cross Site Scripting Vuulnerability in core-eMLi in eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different
end user.What is Cross Site Scripting ?Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Impact Scenario :     1. Account Hijacking      2. Website Defacement      3. Stealing Credentials      4. Sensitive Data Leak
Affected Versions : eMLi : School Management - 1.0
               eMLi : College Campus Management - 1.0
               eMLi : University Management - 1.0
Vulnerability Rep…

Path Traversal Vulnerability in eMLi Portal [CVE-2017-7258]

Hello Everyone,  This is my first vulnerability disclosure in public. If you have any suggestions regarding this feel free toemail me.

            HTTP Exploit in eMLi Portal allows an Attacker to View Restricted Information or (even more seriously) Execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal. 

What is Directory Path Traversal ?A Directory Path Traversal attack aims to access files and directories that are stored on Web Server.  By manipulating file paths, it is possible to access arbitrary files, Application Source Code, System Configurations and Critical System Files.