Back to directory
WRITEUP #3085

Moodle: Blind SQL Injection (CVE-2021-36393) and Broken Access Control (CVE-2021-36397)

SQL InjectionBroken Access Control
by@0xkasper(0xkasper)
Program
Moodle
Published
Jan 15, 2022
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://0xkasper.com/articles/moodle-sql-injection-broken-access-control.html
RELATED WRITEUPS
Directory Traversal, SQL Injection and Server-Side Request Forgery
SQL InjectionPath traversal
Breaking Down Barriers: Exploiting Pre-Auth SQL Injection In WhatsUp Gold - CVE-2024-6670
SQL InjectionReverse engineering
Bypassing airport security via SQL injection
SQL Injection
World of SELECT-only PostgreSQL Injections: (Ab)using the filesystem
SQL Injection
Vestaboard: Exploring Broken Access Controls and Privilege Escalation
Privilege EscalationBroken Access Control

Built with ❤️ by Shubham Rawat