Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-36396 PoC — Moodle 代码问题漏洞

Source
https://github.com/T0X1Cx/CVE-2021-36396-Exploit
Associated Vulnerability
Title:Moodle 代码问题漏洞 (CVE-2021-36396)
Description:In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
Description
This script demonstrates a time-based blind SQL injection on Moodle platforms, exploiting response delays to extract data.
Readme

# CVE-2021-36396 Exploit

## Description
This repository holds a Python-based exploit targeting CVE-2021-36393, a severe vulnerability found within Moodle's recent courses feature. The flaw resides in the 'sort' parameter, enabling SQL injection attacks that can lead to unauthorized database access. Rated 9.8 on the CVSS scale, exploiting this vulnerability requires minimal privileges, such as a student role, and significantly compromises data confidentiality and integrity.

Affected Versions:
 - 3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions

## Installation
To use this exploit, you need to have Python installed on your system. Clone this repository and install the required dependencies:

```bash
git clone https://github.com/T0X1Cx/CVE-2021-36393-Exploit.git
cd CVE-2021-36393-Exploit
pip install -r requirements.txt
```

## Usage
Run the exploit using the following command:

```bash
python3 exploit.py
```

**Note on Injection Point and Request Data Modification:**
The current implementation of this exploit is designed to extract the database name and the name and hash of the first user created in Moodle. Depending on your specific requirements or the target system, you may need to modify the injection point and the request data within the exploit code. This involves adapting the SQL injection payload and potentially altering the HTTP request format to match the target system's expectations. Careful analysis of the target system's behavior is required to tailor the exploit effectively.

## Disclaimer
This exploit is provided for educational and ethical testing purposes only. The use of this exploit for attacking targets without prior mutual consent is illegal. The author is not responsible for any damage caused by using this exploit.

## Credits
Exploit developed by Julio Ángel Ferrari (Aka. T0X1Cx)
File Snapshot

 [4.0K]  /data/pocs/c1be4eed22c28fb5e752f32db3c7af85545c8fd8
├── [2.4K]  exploit.py
├── [1.8K]  README.md
└── [  20]  requirements.txt

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →