Introduction

Xerte Online Toolkits is an Open-Source web application that supports content creation for online learning platforms and is written in PHP. I became aware of this software after some coworkers encountered this application during a red team engagement. In that particular instance, our client had inadvertently left the setup directory and scripts accessible on the internet. Since the application is open-source, I set up a test environment locally with Apache and MySQL. My primary focus was determining what threat the setup directories being exposed presented. The installation instructions explicitly advise against leaving this exposed publicly as it could be overwritten by subsequent operations. Ultimately, my research did not identify any non-destructive ways to exploit the setup scripts. Instead, I began to investigate other functions of the application in various user contexts. My investigation revealed some critical issues that could allow an attacker to gain remote code execution on the underlying host.