Back to directory

WRITEUP #3561

Pre-Auth RCE in Moodle Part I - PHP Object Injection in Shibboleth

RCEPHP object injection

byJohannes Moritz

Program

Moodle

Published

Jul 27, 2021

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://haxolot.com/posts/2021/moodle_pre_auth_shibboleth_rce_part1/

▸ RELATED WRITEUPS

WordPress GiveWP POP to RCE (CVE-2024-5932)

RCEPHP pop chain

$4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin

RCEPHP pop chain

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Built with ❤️ by Shubham Rawat