OLIB 7 WebView (infile) Local File Inclusion Vulnerability

Credit: ZeN
Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Security Advisory for 'OLIB 7 Webview' This software is apart of Moodle. Software - OLIB 7 WebView v2.5.1.1 Exploit - LFI Severity - High Author - ZeN website - http://dusecurity.com/ Date - 2nd October 2008 DUSecurity Team / DarkCode Exploit > http://olib.site.com/cgi/?session=[session_key]&infile=[LFI] files in dir - get_settings.ini, setup.ini(contains config file locations), text.ini Info - You need to login to get a valid session key. ------------------ Extraz : Moodle Permanent XSS In Moodle blogging system, simply make a new blog entry with the title <script>alert()</script> Now everyone that visits the bloggins system with execute your XSS. Go get some cookies =D Enjoy! ------------------ Shouts :- DUSecurity.com DarkCode.me iWannaHack WL-Group



Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com


Back to Top