Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-36393 PoC — Moodle SQL注入漏洞

Source
https://github.com/StackOverflowExcept1on/CVE-2021-36393
Associated Vulnerability
Title:Moodle SQL注入漏洞 (CVE-2021-36393)
Description:In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
Description
Error-based blind SQL injection with bit-shifting approach for Moodle 3.10.4
Readme
### CVE-2021-36393

Error-based blind SQL injection with bit-shifting approach for Moodle 3.10.4.

Allows an attacker to perform arbitrary database queries. For example, you can steal:

- test answers from the database

  Modify the [`script.js`](script.js) file and run it on route `/mod/quiz/attempt.php?attempt=...&cmid=...`

- user password hashes:
  ```sql
  (SELECT password FROM mdl_user WHERE id = 2 LIMIT 1)
  ```

- user sessions:
  ```sql
  (SELECT sid FROM mdl_sessions ORDER BY id DESC LIMIT 1)
  ```

### How to use it?

You must be logged in and enrolled in at least one course. The just copy the [`script.js`](script.js) code into your
browser console and run it on a website that has the vulnerable version of Moodle installed.

### How to check the installed version of Moodle?

```bash
DOMAIN="example.com"
curl -s https://$DOMAIN/lib/upgrade.txt | head
```
File Snapshot

 [4.0K]  /data/pocs/6059dd4f806ea03a406039343e2224fa10e6665a
├── [1.3K]  keep_session.js
├── [ 877]  README.md
└── [4.3K]  script.js

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →