by vicarius
log in join community
by @secatgourity
03 Jul 2024
#existing_exploit_analysis

Analyze a CVE exploitation

publish

Analyzing exploit for Pre-Auth RCE in Moodle (CVE-2021-36394)

by @secatgourity
by @secatgourity
03 Jul 2024
#existing_exploit_analysis

Analyze a CVE exploitation

publish

Analyzing exploit for Pre-Auth RCE in Moodle (CVE-2021-36394)

CVEs

CVE-2021-36394
9.8 Critical Severity

Screenshots from the blog posts

images/cly46udkvvvmt1joidgxiahlu.jpgimages/cly46udkvvvmt1joidgxiahlu.jpg

Summary

In this post, we analyze a pre-auth RCE exploit script for Moodle (more specifically, the Shibboleth authentication module). We understand the limitations of the script, and understand its inner workings to pwn a vulnerable Moodle instance

Script link

GitHub - lavclash75/CVE-2021-36394-Pre-Auth-RCE-in-Moodle

Contribute to lavclash75/CVE-2021-36394-Pre-Auth-RCE-in-Moodle development by creating an account on GitHub.

image

Description

Tags

#RCE#exposed_to_RCE_attack#opensource#trending#php#Deserialization#code-injection#moodle#pre-auth

@secatgourity

190 posts

Total vcoins

0

Social media links

Comments (1)