Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Moodle 2.7 Persistent XSS - exploit.company
header-logo
Suggest Exploit
vendor:
Moodle
by:
Osanda Malith Jayathissa
7.5
CVSS
HIGH
Persistent XSS
79
CWE
Product Name: Moodle
Affected Version From: Moodle 2.7
Affected Version To: Moodle 2.7.1
Patch Exists: YES
Related CWE:
CPE: a:moodle:moodle:2.7
Metasploit:
Other Scripts:
Platforms Tested:
2014

Moodle 2.7 Persistent XSS

The vulnerability allows an attacker to inject malicious code into the Skype ID field of a user's profile, leading to a persistent XSS attack.

Mitigation:

Upgrade to Moodle 2.7.1 or later which includes the necessary patches.
Source

Exploit-DB raw data:

Title: Moodle 2.7 Persistent XSS
Vendor: https://moodle.org/
Moodle advisory: https://moodle.org/mod/forum/discuss.php?d=264265
Researched by: Osanda Malith Jayathissa (@OsandaMalith)
E-Mail: osanda[cat]unseen.is
Original write-up: http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/

[-] POC
================

1. Edit your profile
2. Click Optional
3. In Skype ID field inject this payload

x" onload="prompt('XSS by Osanda')">"

[-] Disclosure Timeline
========================

2014-05-24: Responsibly disclosed to the Vendor
2014-05-27: Suggested a fix
2014-06-04: Fix got accepted
2014-07-21: Vendor releases a security announcement 
2014-07-24: Released Moodle 2.7.1 stable with all patches

Navigation

Suggest Exploit

Services By CQR