37baf23611
7 changes to exploits/shellcodes Moodle 3.10.3 - 'url' Persistent Cross Site Scripting GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
17 lines
No EOL
943 B
Text
17 lines
No EOL
943 B
Text
# Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
|
|
# Date: 22/04/2021
|
|
# Exploit Author: UVision
|
|
# Vendor Homepage: https://moodle.org/
|
|
# Software Link: https://download.moodle.org
|
|
# Version: 3.10.3
|
|
# Tested on: Debian/Windows 10
|
|
|
|
By having the role of a teacher or an administrator or a manager (to have the possibility to create a course):
|
|
|
|
- Create a new course (http://localhost/moodle/course/edit.php?category=1&returnto=topcat)
|
|
- Give any name , short name, date and other things required.
|
|
- In "Description" field, click on the "link" button
|
|
- In the url field, enter the payload : <img src=1 href=1 onerror="javascript:alert(1)"></img>
|
|
- Create the link, an alert window appears (close it several times so that it disappears) , save the course. ("Save and return")
|
|
|
|
Each time the course description is displayed, the stored xss is activated : activate it by viewing the course, by modifying it, etc. |