StackOverflowExcept1on / CVE-2021-36393

Error-based blind SQL injection with bit-shifting approach for Moodle 3.10.4
3 stars 2 forks source link
cve moodle sql-injection vulnerability

CVE-2021-36393

Error-based blind SQL injection with bit-shifting approach for Moodle 3.10.4.

Allows an attacker to perform arbitrary database queries. For example, you can steal:

How to use it?

You must be logged in and enrolled in at least one course. The just copy the script.js code into your browser console and run it on a website that has the vulnerable version of Moodle installed.

How to check the installed version of Moodle?

DOMAIN="example.com"
curl -s https://$DOMAIN/lib/upgrade.txt | head