https://github.com/stackoverflowexcept1on/cve-2021-36393

Error-based blind SQL injection with bit-shifting approach for Moodle 3.10.4
https://github.com/stackoverflowexcept1on/cve-2021-36393

blind-sql-injection cve moodle sql-injection vulnerability

Last synced: 8 months ago
JSON representation

Error-based blind SQL injection with bit-shifting approach for Moodle 3.10.4

• Host: GitHub
• URL: https://github.com/stackoverflowexcept1on/cve-2021-36393
• Owner: StackOverflowExcept1on
• Created: 2023-10-27T17:13:55.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2023-12-29T14:12:50.000Z (over 2 years ago)
• Last Synced: 2025-04-01T19:14:31.847Z (about 1 year ago)
• Topics: blind-sql-injection, cve, moodle, sql-injection, vulnerability
• Language: JavaScript
• Homepage:
• Size: 11.7 KB
• Stars: 3
• Watchers: 2
• Forks: 2
• Open Issues: 1
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
### CVE-2021-36393

Error-based blind SQL injection with bit-shifting approach for Moodle 3.10.4.

Allows an attacker to perform arbitrary database queries. For example, you can steal:

- test answers from the database

  Modify the [`script.js`](script.js) file and run it on route `/mod/quiz/attempt.php?attempt=...&cmid=...`

- user password hashes:

  ```sql

  (SELECT password FROM mdl_user WHERE id = 2 LIMIT 1)

  ```

- user sessions:

  ```sql

  (SELECT sid FROM mdl_sessions ORDER BY id DESC LIMIT 1)

  ```

### How to use it?

You must be logged in and enrolled in at least one course. The just copy the [`script.js`](script.js) code into your

browser console and run it on a website that has the vulnerable version of Moodle installed.

### How to check the installed version of Moodle?

```bash

DOMAIN="example.com"

curl -s https://$DOMAIN/lib/upgrade.txt | head

```