CVE-2007-3555

Moodle 1.7.1 - Cross-Site Scripting via Search Parameter Style Expression

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3555. PoCs published by MustLive.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Moodle 1.7.1 by injecting malicious JavaScript via the 'search' parameter. The payload uses the 'expression' method to execute arbitrary code in the context of the victim's browser.

Description

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MustLive · textwebappsphp

https://www.exploit-db.com/exploits/30261

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Moodle 1.7.1 by injecting malicious JavaScript via the 'search' parameter. The payload uses the 'expression' method to execute arbitrary code in the context of the victim's browser.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Moodle 1.7.1

No auth needed

Prerequisites: Victim must visit a crafted URL

MITRE ATT&CK