Many educational websites use Moodle, which is vulnerable to reflected XSS (RXSS), and according to Shodan more than 50K websites use this technology. Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalized learning environments. This was found by @PewGrand.
What is XSS?
Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Steps To Hunt For This Bug:
1. Search on shodan.io:
http.component:Moodle
2. Select the target you want to test, let's say mytarget.com.
3. Now just add the vulnerable endpoint with the XSS payload to the target.
4. Ex. https://mytarget.com/mod/lti/auth.php?redirect_uri=javascript:alert('DarkLotus')
5. If the website is vulnerable, you will see the XSS pop up on your screen.
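Seen from the server side, the request in step 4 stands out in access logs because `redirect_uri` carries a scheme other than http or https. The script below is an added example, not part of the original post or of Moodle's code; it flags such requests to `/mod/lti/auth.php`, and the log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /mod/lti/auth.php?redirect_uri=javascript:alert('DarkLotus') HTTP/1.1" 200 512
203.0.113.9 - - [10/Jan/2024:10:00:07 +0000] "GET /mod/lti/auth.php?redirect_uri=https%3A%2F%2Ftool.example%2Flaunch HTTP/1.1" 200 498
203.0.113.5 - - [10/Jan/2024:10:00:09 +0000] "GET /mod/lti/auth.php?redirect_uri=JaVaScRiPt%3Aalert(1) HTTP/1.1" 200 512
198.51.100.2 - - [10/Jan/2024:10:00:12 +0000] "GET /course/view.php?id=4 HTTP/1.1" 200 9120
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ENDPOINT = "/mod/lti/auth.php"       # endpoint named in the post
ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web URLs are legitimate here


def redirect_scheme(value):
    """Return the lower-cased scheme of a redirect_uri value, or '' if it has none."""
    # Normalise the way a browser would: drop tabs/newlines and leading control chars.
    cleaned = re.sub(r"^[\x00-\x20]+|[\t\r\n]", "", value)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else ""


def suspicious_requests(log_text):
    """Return (client_ip, scheme) for each endpoint hit with a non-http(s) redirect_uri."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes the value, so encoded colons are handled too.
        for value in parse_qs(url.query).get("redirect_uri", []):
            scheme = redirect_scheme(value)
            if scheme and scheme not in ALLOWED_SCHEMES:
                hits.append((client, scheme))
    return hits


if __name__ == "__main__":
    for client, scheme in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: redirect_uri with scheme '{scheme}:' on {ENDPOINT}")
```

The same scheme allow-list is the natural server-side check before a `redirect_uri` value is ever written into a response.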
Thank you so much for reading my blog. For more #bugbountytips, follow me on Twitter @DarkLotusKDB