![]() ![]() # Note: This was successfully tested against a windows install however it should work with linux. "Referer": " + target + "/ATutor/mods/_core/languages/language_import.php", Print "- Example: %s admin mypassword 'whoami'" % sys.argv Print "- Discovery / PoC by liquidsky (JMcPeters) ^^" ![]() ![]() Print "- ATutor 2.2.4 Arbitrary File Upload / RCE " # Notes: This application is no longer being maintained so there is no fix for this issue. # resulting in remote code execution via a "." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. # Description: ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal # Tested on: Windows 8 / Apache / MySQL (XAMPP) # Exploit Title: ATutor 2.2.4 'language_import' Arbitrary File Upload / RCE See the Question Banke for information about exporting questions without the associated test definition.Change Mirror Download #!/usr/bin/env python These packages can be imported back into ATutor, or into other QTI conformant systems. Export Tests & Surveys Choose a test from the Tests & Survey Manager, then click on the Export button to package that test in an IMS QTI 1.2 test package. Note that if the test is included as part of a content package, then it should be imported using the Content Import/Export utility. Import Tests & Surveys Complete tests including the test definition, as well as their questions, or just the questions without their test definition, can be imported from IMS QTI 1.2 test packages using the Import Test feature at the top of the Tests & Surveys Manager. Once a test or survey has been created, add questions to the Question Bank, and then add these questions to the new test. There are a variety of options for defining tests like setting the release date, and using randomized questions or group-specific tests. The instructor, and assistants with test privileges, can create tests and surveys to be administered to enrolled students. This section has not yet been translated to your requested language. ![]()
0 Comments
Leave a Reply. |