Moodle Login Bypass via Open-Session Folder

Hi,

Moodle login screen can bypass via hijacked(taken from session folder) sessionID.

Here is google dork: inurl:”/moodledata/sessions”
google link: https://www.google.com/#q=inurl:%22/moodledata/sessions%22

This entry was posted in Disclosure and tagged login bypass, moodle, session bug.

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this:

	Paige Wilkins on 8 Adımda Wireless Hack (W…
	Wireless Penetration… on Wireless Penetration Testing C…
	Hakan Harbelioğlu on Android – Bankacılık Zar…
	osman on Wireless Penetration Testing C…
	ENVER KILIC on Android – Bankacılık Zar…

uceka