Easy XSS On Mostly Educational Websites Via Moodle

Many educational websites are using Moodle which is vulnerable to RXSS and according to shodan more than 50K websites are using this technology. Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalized learning environments. This was founded by @PewGrand

What is XSS?

Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Steps To Hunt For This Bug:

  1. Search on shodan.io http.component:Moodle

2. Select the target you want to test, Lets say mytarget.com

3. Now just add the vulnerable end point with XSS payload to the target.

4. Ex. https://mytarget.com/mod/lti/auth.php?redirect_uri=javascript:alert('DarkLotus')

5. If the website is vulnerable then you will see that XSS will pop up on your computer screen.

Thank You so much for reading my blog and for more #bugbountytips follow me on Twitter @DarkLotusKDB

Leave a Reply