
CVE-2019-3847 PoC — Moodle Security Vulnerability

Associated Vulnerability
Title: Moodle Security Vulnerability (CVE-2019-3847)
Description: A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when viewed by the user logging in on their behalf.
Description
Scripts for exploiting MSA-18-0020 (CVE-2018-16854) and MSA-19-0004 (CVE-2019-3847)
Readme
This repository contains the files used in finding and exploiting two Moodle bugs, MSA-18-0020 (CVE-2018-16854) and MSA-19-0004 (CVE-2019-3847), both of which leverage the ability for users to add JavaScript to their own dashboards. MSA-18-0020 relies on CSRF on the login form, whereas MSA-19-0004 requires an administrator to impersonate a user.

More details can be found in [this blog post](https://medium.com/@daniel.thatcher/obtaining-xss-using-moodle-features-and-minor-bugs-2035665989cc).

## Fixed moodle versions
* MSA-18-0020 (CVE-2018-16854): 3.6, 3.5.3, 3.4.6, 3.3.9, and 3.1.15.
* MSA-19-0004 (CVE-2019-3847): 3.6.3, 3.5.5, 3.4.8, and 3.1.17.
File Snapshot

[4.0K] /data/pocs/7565f3c056526362736751a0d3daccfaa997529a
├── [ 444] attack.html
├── [ 625] cookie.php
├── [4.3K] moodle.js
├── [ 20K] plugin.zip
├── [ 649] README.md
├── [ 160] recv.php
└── [4.0K] shell
    ├── [2.8K] block_shell.php
    ├── [4.0K] db
    │   ├── [1.1K] install.php
    │   ├── [1.1K] uninstall.php
    │   ├── [1.3K] upgradelib.php
    │   └── [1.5K] upgrade.php
    ├── [4.0K] lang
    │   └── [4.0K] en
    │       └── [ 971] block_shell.php
    ├── [ 34K] LICENSE.md
    ├── [ 747] README.md
    ├── [1.0K] settings.php
    └── [1.1K] version.php

4 directories, 16 files