[VIM] Moodle <= 1.8.4 Remote Code Execution Exploit
jericho at attrition.org
Mon Sep 8 09:43:50 UTC 2008
On Fri, 5 Sep 2008, George A. Theall wrote:
: FYI, while looking into milw0rm 6356, I notice the underlying issue is in the
: KSES library it uses. The project addressed the issue earlier this year; eg,
: SecurityFocus created BID 30995 for the issues covered by milw0rm 6356,
: yet they also have BID 28599, which covers the code execution issue in
: KSES as well as a couple of other issues, so 30995 would seem to be a
BID 30995 is for multiple remote file inclusions in Moodle and references
the milw0rm exploit under 'exploit' (well, not reference, copies the code
from?). I assume this is KSES based code based on the /lib/kses.php
BID 28599 is for kses multiple input validation vulns, but the discussion
covers XSS and references previous BID 28424 and 28121.
OSVDB 43677 covers the XSS weakness, but we didn't have an entry for the
RFI (and to confirm, the $injection_points array is for each unique script
vulnerable right?). We will make one to cover this and cross-ref Milw0rm
6356 / BID 30995.
Based on the two BIDs, they don't seem to be a dupe to me though as one is
for RFI, the other for XSS?
More information about the VIM