CVE-2021-36393 PoC — Moodle SQL Injection Vulnerability

Source
Associated Vulnerability
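Title: Moodle SQL Injection Vulnerability (CVE-2021-36393)
Description: Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle contains an SQL injection vulnerability that stems from insufficient sanitization of user-supplied data in the library that fetches a user's recent courses. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands in the application database. Affected products and versions: Moodle: 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.11, 3.11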
Description
This script demonstrates a time-based blind SQL injection on Moodle platforms, exploiting response delays to extract data.
Readme

# CVE-2021-36393 Exploit

## Description
This repository holds a Python-based exploit targeting CVE-2021-36393, a severe vulnerability in Moodle's recent courses feature. The flaw resides in the 'sort' parameter, enabling SQL injection attacks that can lead to unauthorized database access. The vulnerability is rated 9.8 on the CVSS scale; exploiting it requires only minimal privileges, such as a student role, and it significantly compromises data confidentiality and integrity.

Affected Versions:
 - 3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions
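
The class of fix for a 'sort' parameter flaw like the one described above is to never pass the raw value into `ORDER BY`. The following is an added example, not code from this repository or from Moodle: it parses a sort value against a column allowlist and uses the same parser to triage request records. The column names, function names and sample records are assumptions constructed for illustration.

```python
import re

# Assumed allowlist of sortable columns (hypothetical; use the columns your query exposes).
ALLOWED_COLUMNS = {"id", "fullname", "shortname", "timeaccess"}
# One sort term: a bare identifier with an optional direction, nothing else.
_TERM = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)(?:\s+(ASC|DESC))?$", re.IGNORECASE)


def parse_sort(sort):
    """Return [(column, direction)] for a valid sort value, else raise ValueError."""
    if not sort or not sort.strip():
        return []
    terms = []
    for raw in sort.split(","):
        m = _TERM.match(raw.strip())
        if not m or m.group(1).lower() not in ALLOWED_COLUMNS:
            raise ValueError(f"rejected sort term: {raw.strip()!r}")
        terms.append((m.group(1).lower(), (m.group(2) or "ASC").upper()))
    return terms


def order_by_clause(sort):
    """Rebuild ORDER BY text from validated terms only; the raw input is never reused."""
    return ", ".join(f"{col} {direction}" for col, direction in parse_sort(sort))


# Constructed request records: (user, sort value, response time in seconds).
SAMPLE_REQUESTS = [
    ("student1", "fullname ASC", 0.12),
    ("student1", "timeaccess desc, id", 0.15),
    ("student2", "shortname, (SELECT 1)", 0.14),
    ("student2", "id AND SLEEP(5)", 5.21),
]


def triage(requests, slow_seconds=3.0):
    """Flag records whose sort value fails validation; mark those with a long delay."""
    findings = []
    for user, sort, secs in requests:
        try:
            parse_sort(sort)
        except ValueError:
            findings.append((user, sort, secs >= slow_seconds))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REQUESTS):
        print(finding)
```

A rejected sort value paired with an unusually slow response is the pattern a time-based blind injection leaves in request logs, which is why `triage` reports the delay flag alongside the rejected value.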

## Installation
To use this exploit, you need to have Python installed on your system. Clone this repository and install the required dependencies:

```bash
git clone https://github.com/T0X1Cx/CVE-2021-36393-Exploit.git
cd CVE-2021-36393-Exploit
pip install -r requirements.txt
```

## Usage
Run the exploit using the following command:

```bash
python3 exploit.py
```

**Note on Injection Point and Request Data Modification:**
The current implementation of this exploit is designed to extract the database name and the name and hash of the first user created in Moodle. Depending on your specific requirements or the target system, you may need to modify the injection point and the request data within the exploit code. This involves adapting the SQL injection payload and potentially altering the HTTP request format to match the target system's expectations. Careful analysis of the target system's behavior is required to tailor the exploit effectively.

## Disclaimer
This exploit is provided for educational and ethical testing purposes only. The use of this exploit for attacking targets without prior mutual consent is illegal. The author is not responsible for any damage caused by using this exploit.

## Credits
Exploit developed by Julio Ángel Ferrari (Aka. T0X1Cx)
File Snapshot

```
[4.0K]  /data/pocs/e13a56e3234dcb469914ab932efdc620ac95d6f0
├── [2.4K]  exploit.py
├── [1.8K]  README.md
└── [  20]  requirements.txt

0 directories, 3 files
```