CVE-2022-35649 PoC — Moodle 输入验证错误漏洞

Source

https://github.com/antoinenguyen-09/CVE-2022-35649

Associated Vulnerability

Title:Moodle 输入验证错误漏洞 (CVE-2022-35649)
Description:The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Description

Payload Generator and Detailed Analysis about CVE-2022-35649

Readme

# CVE-2022-35649

### Payload Generator (using Python 2) and Detailed Analysis for [CVE-2022-35649](https://nvd.nist.gov/vuln/detail/CVE-2022-35649)

### The PoC in python generates payload when exploited for a 0-day of GhostScript 9.50. This 0-day exploit affect to ImageMagick with the default settings from Ubuntu repository (Tested with default settings of ImageMagick on Ubuntu 20.04).

### This project is created only for educational purposes and cannot be used for law violation or personal gain.

### The author of this project is not responsible for any possible harm caused by the materials of this project.

### Read detailed analysis [here](https://antoinenguyen-09.hashnode.dev/cve-2022-35649-1-click-rce-in-moodle-v401).

File Snapshot


 [4.0K]  /data/pocs/8adf9e4141747489756a2b5199b16d1e1c3c60c6
├── [ 509]  payload_gen.py
└── [ 736]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!