Moodle 2.0.1 – ‘PHPCOVERAGE_HOME’ Cross-Site Scripting

Exploit Database
34 阅读

作者： AutoSec Tools

日期： 2011-02-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35297/

source: https://www.securityfocus.com/bid/46085/info

Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to Moodle 2.0.1 are vulnerable. 

http://www.example.com/moodle/lib/spikephpcoverage/src/phpcoverage.remote.top.inc.php?PHPCOVERAGE_HOME=[xss]

last Exploits
Moodle 2.0.1 – ‘PHPCOVERAGE_HOME’ Cross-Site Scripting的更多信息

Joomla! Component eventCal 1.6.4 – Blind SQL Injection：
D-Link DIR-8xx Routers – Leak Credentials：
User Registration & Login and User Management System v3.0 – SQL Injection (Unauthenticated)：
D-Link DSR-250N 3.12 – Denial of Service (PoC)：
SweetRice 1.5.1 – Cross-Site Request Forgery：
CodoForum 2.5.1 – Arbitrary File Download：
Joomla! Component ECommerce-WD 1.2.5 – SQL Injection：
Intelbras Telefone IP TIP200 LITE – Local File Disclosure：