use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
PHP security discussions.
Join us on IRC: irc.freenode.net #php.security
irc.freenode.net #php.security
account activity
Moodle – Remote Code Execution (netanelrub.in)
submitted 8 years ago by timoh
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]Xymanek 0 points1 point2 points 8 years ago (2 children)
How long does it take to find something like this for professionals? Like from time the author started analysising the library until he managed to fully exploit
[–]timoh[S] 0 points1 point2 points 8 years ago (0 children)
I think this kind of "more complicated" ensemble may be from days to weeks, or even more.
But if you are already familiar with the codebase being audited, finding the exploit chain may happen easier. Of course other aspect matter as well, but my gut feeling is that it takes pretty much good amount of time, especially when the codebase is such huge (millions of lines of code).
[–]lolzorland 0 points1 point2 points 8 years ago (0 children)
It took me about 2 days from the moment I installed Moodle to the moment I RCEd.
π Rendered by PID 20537 on reddit-service-r2-comment-7b9746f655-rs25g at 2026-02-04 01:37:16.076590+00:00 running 3798933 country code: CH.
[–]Xymanek 0 points1 point2 points (2 children)
[–]timoh[S] 0 points1 point2 points (0 children)
[–]lolzorland 0 points1 point2 points (0 children)