1337day-Exploits Posted October 12, 2021 Share Posted October 12, 2021 Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow for a teacher to exploit chain to remote code execution. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and thus look to add someone with manager privileges on the system (not just the class). After adding a system manager, a loginas feature is used to access their account. Next the system is reconfigured to allow for all users to install an addon/plugin. Then a malicious theme is uploaded and creates an RCE. If all of that is a success, we revert permissions for managers to system default and remove our malicious theme. Manual cleanup to remove students from the class is required. This Metasploit module was tested against Moodle version 3.9. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
.png.e337492d02c345db2116506bc63cff1d.png.0dc0909174d6ced1d5ff3c1bbf051030.png)
.png.e337492d02c345db2116506bc63cff1d.png)
Hack Tools Resurrection
1337day-Exploits
Recommended Posts