Julio Ángel Ferrari (Aka. T0X1Cx)

6 exploits Active since Mar 2023
CVE-2021-36396 NOMISEC HIGH WORKING POC
Moodle - SSRF
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
20 stars
CVSS 7.5
CVE-2024-28247 NOMISEC HIGH WORKING POC
Pi-hole < 5.18 - Information Disclosure
Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pi-hole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user. If the URL in the "Adslists" list begins with "file*", it is treated as an update from a local file; if it does not begin with "file*", the behaviour depends on the state of the response. The problem resides in the update through local files. When updating from a file that contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server that contains non-domain lines, it will print them on the screen. This vulnerability is fixed in 5.18.
3 stars
CVSS 7.6
CVE-2024-34361 NOMISEC HIGH WORKING POC
Pi-hole < 5.18.3 - Command Injection
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
1 star
CVSS 8.5
CVE-2021-36393 INTHEWILD CRITICAL WORKING POC
Moodle - SQL Injection
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVSS 9.8
CVE-2021-36396 INTHEWILD HIGH WORKING POC
Moodle - SSRF
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
CVSS 7.5
EIP-2026-109578 EXPLOITDB python WORKING POC
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter