
Moodle - Cross-Site Scripting

By kannthu

Medium
Vidoc Module
#moodle #xss
Description

What is "Moodle - Cross-Site Scripting?"

The "Moodle - Cross-Site Scripting" module detects a cross-site scripting vulnerability in Moodle, a popular learning management system. It specifically targets Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, and 3.8 to 3.8.8. The vulnerability is rated medium severity and can allow attackers to inject malicious scripts into web pages viewed by users.

Impact

A successful exploitation of the cross-site scripting vulnerability in Moodle can lead to various consequences, including:

- Unauthorized access to sensitive information
- Manipulation of user data
- Phishing attacks
- Defacement of web pages
- Execution of arbitrary code in the user's browser

How does the module work?

The "Moodle - Cross-Site Scripting" module works by sending a specific HTTP request to the target Moodle instance and analyzing the response. The module checks for the presence of certain patterns in the response body, status code, and headers to determine if a cross-site scripting vulnerability exists.

Here is an example of the HTTP request sent by the module:

GET /mod/lti/auth.php?redirect_uri=javascript:alert('{%randTextAlphanumeric(10)%}') HTTP/1.1
Host: [target Moodle instance]

The module then applies the following matching conditions:

- Checks that the response body contains both the random string "{{randstr}}" and the string "<form action=\"javascript:alert"
- Verifies that the response status code is 200 (OK)
- Ensures that the response headers include the string "text/html"

If all the matching conditions are met, the module reports the presence of the cross-site scripting vulnerability.
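As an added example (not the Vidoc module's own code), the three matching conditions above expressed as one Python function and run against constructed responses. The marker generator, the response tuples and their bodies are assumptions made for illustration, not captures from a real Moodle instance.

```python
import secrets
import string

# Fixed marker so the sample responses below are reproducible; a real run would
# use make_marker(), which mirrors {%randTextAlphanumeric(10)%} in the template.
MARKER = "Ab3dE5fG7h"


def make_marker(length: int = 10) -> str:
    """Random alphanumeric string that the response body must echo back."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_request_path(marker: str) -> str:
    """Path of the probe request shown above, with the marker in redirect_uri."""
    return f"/mod/lti/auth.php?redirect_uri=javascript:alert('{marker}')"


def header_value(headers: dict, name: str) -> str:
    """Case-insensitive header lookup (header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def matches(status: int, headers: dict, body: str, marker: str) -> bool:
    """Apply the module's three conditions; all of them must hold to report."""
    body_ok = marker in body and '<form action="javascript:alert' in body
    html_ok = "text/html" in header_value(headers, "Content-Type")
    return status == 200 and html_ok and body_ok


# Constructed responses: (status, headers, body). Only the first reflects the
# marker unescaped inside the form's action attribute.
VULNERABLE = (200, {"Content-Type": "text/html; charset=utf-8"},
              f'<html><body><form action="javascript:alert(\'{MARKER}\')" '
              'method="post"><input type="hidden" name="id_token" value="x">'
              '</form></body></html>')
REJECTED = (200, {"Content-Type": "text/html; charset=utf-8"},
            '<html><body><p>Invalid redirect URI</p></body></html>')
REDIRECTED = (302, {"Location": "/login/index.php", "Content-Type": "text/html"},
              f'<form action="javascript:alert(\'{MARKER}\')"></form>')

if __name__ == "__main__":
    for name, resp in [("vulnerable", VULNERABLE), ("rejected", REJECTED),
                       ("redirected", REDIRECTED)]:
        print(name, "->", "report" if matches(*resp, MARKER) else "no match")
```

The random marker matters: without it, any page that happens to contain a `javascript:alert` form action would be reported, so both the marker and the fixed string are required together.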

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /mod/lti/auth.php?re...
Matching conditions
word: {{randstr}}, <form action="javascript:al... and
status: 200 and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability