By kannthu
The "Moodle - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in Moodle, a popular learning management system. This module specifically targets Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, and 3.8 to 3.8.8. It is a medium severity vulnerability that can potentially allow attackers to inject malicious scripts into web pages viewed by users.
A successful exploitation of the cross-site scripting vulnerability in Moodle can lead to various consequences, including:
- Unauthorized access to sensitive information
- Manipulation of user data
- Phishing attacks
- Defacement of web pages
- Execution of arbitrary code on the user's browser

The "Moodle - Cross-Site Scripting" module works by sending a specific HTTP request to the target Moodle instance and analyzing the response. The module checks for the presence of certain patterns in the response body, status code, and headers to determine if a cross-site scripting vulnerability exists.
Here is an example of the HTTP request sent by the module:
GET /mod/lti/auth.php?redirect_uri=javascript:alert('{%randTextAlphanumeric(10)%}') HTTP/1.1
Host: [target Moodle instance]
The module then applies the following matching conditions:
- Checks if the response body contains the strings "{{randstr}}" and "<form action=\"javascript:alert"
- Verifies that the response status code is 200 (OK)
- Ensures that the response headers include the string "text/html"

If all the matching conditions are met, the module reports the presence of the cross-site scripting vulnerability.
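For teams running Moodle, the same request shape can be looked for in web server access logs. The script below is an added example, not part of the Vidoc module: it flags requests to /mod/lti/auth.php whose redirect_uri carries a scheme other than http or https. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

LTI_AUTH_PATH = "/mod/lti/auth.php"  # path from the module's request on this page
WEB_SCHEMES = {"http", "https"}      # assumption: only schemes a tool redirect needs
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"([a-z][a-z0-9+.-]*):", re.IGNORECASE)


def non_web_redirect(target):
    """Return the decoded redirect_uri if its scheme is not http(s), else None."""
    parts = urlsplit(target)
    # endswith() also covers Moodle installed under a sub-path such as /moodle/
    if not parts.path.endswith(LTI_AUTH_PATH):
        return None
    for value in parse_qs(parts.query).get("redirect_uri", []):
        # Browsers ignore whitespace/control characters in a scheme, so drop them.
        cleaned = re.sub(r"[\x00-\x20]", "", value)
        match = SCHEME_RE.match(cleaned)
        if match and match.group(1).lower() not in WEB_SCHEMES:
            return value
    return None


def scan(lines):
    """Return (client, redirect_uri) for each log line that should be reviewed."""
    hits = []
    for line in lines:
        request = REQUEST_RE.search(line)
        if request:
            value = non_web_redirect(request.group("target"))
            if value is not None:
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /mod/lti/auth.php?redirect_uri=javascript:alert('a1B2c3D4e5') HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /moodle/mod/lti/auth.php?redirect_uri=JavaScript%3Aalert(1) HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /mod/lti/auth.php?redirect_uri=https%3A%2F%2Ftool.example%2Flaunch HTTP/1.1" 200 900
198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /course/view.php?id=2 HTTP/1.1" 200 4000
""".splitlines()

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"review: {client} sent redirect_uri={value!r}")
```

A hit means the request was attempted, not that the instance is vulnerable; compare the installed Moodle version against the affected ranges listed above.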