CVE-2021-36394 PoC — Moodle 代码注入漏洞

Source

https://github.com/lavclash75/CVE-2021-36394-Pre-Auth-RCE-in-Moodle

Associated Vulnerability

Title:Moodle 代码注入漏洞 (CVE-2021-36394)
Description:Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle 存在代码注入漏洞，该漏洞源于Shibboleth认证插件的输入验证不正确。远程攻击者可利用该漏洞发送专门设计的请求，并在目标系统上执行任意代码。受影响的产品及版本如下:Moodle: 3.9.0、3.9.1、3.9.2、3.9.3、3.9.4、3.9.5、3.9.6、3.9.7、3.10.0、3.10.1、3.10.2、3.10.3、3.10.4、3.11、3.11.0

Readme

# CVE-2021-36394-Pre-Auth-RCE-in-Moodle
### Vulnerability Introduction

`Moodle` is the most popular learning management system in the world. Start creating your eLearning website in minutes!

An unauthorized remote code execution vulnerability exists in the `Shibboleth` authentication module of `Moodle`. This is widely used in universities to allow students from one university to authenticate with other universities, allowing them to take external courses and have fun with others.



### Environment setup

````
git clone https://github.com/lavclash75/CVE-2021-36394-Pre-Auth-RCE-in-Moodle.git
cd "CVE-2021-36394 Pre-Auth RCE in Moodle"
docker-compose up -d
````

Then go to `docker` and change the file `/var/www/html/moodle-3.11.0/config.php`

````
$CFG->wwwroot = 'http://127.0.0.1';
````

Change the link above to your own, it must be a real address

File Snapshot


 [4.0K]  /data/pocs/c0b9f1d664a5adb199c3862d3a9346257249b1b2
├── [ 185]  docker-compose.yml
├── [2.0K]  exploit.py
└── [ 862]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!