Gist fir3storm/f9c7f3ec1a6496498517ed216d2640b2, created March 11, 2024 17:02
Cross-Site Scripting (XSS) in MOODLE 3.10.9
Vulnerability Description: Cross-Site Scripting (XSS) in MOODLE 3.10.9
Affected Product: MOODLE
Affected Version(s): 3.10.9 (versions prior to 3.11.4 might also be affected)
CVE ID: Not assigned (hypothetical)
Description:
A reflected Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE version 3.10.9 handles the "lang" URL parameter on the site root ("GET /?lang=..."). This parameter selects the display language of the MOODLE interface; its value is not restricted to the language packs installed on the site and is reflected into the response without proper HTML encoding.
An attacker can craft a URL whose "lang" value contains script and deliver it to a victim (for example by link or e-mail). When the victim opens the link, the script runs in the victim's browser within the origin of the MOODLE site, so it can act with that user's session and privileges. What it does from there depends on the attacker's intent.
Potential Impacts:
Stealing Session Cookies: The script could read the user's session cookie and send it to the attacker, who could then impersonate the user and access their MOODLE account and any sensitive information in it. If the session cookie is marked HttpOnly the script cannot read it, but it can still issue requests with the victim's session from within the page.
Modifying User Data: The script could issue requests that modify data in MOODLE with the victim's privileges; if the victim is a teacher or administrator, that can include changing grades or assignments.
Defacing the Web Interface: The script could rewrite the MOODLE page in the victim's browser, displaying misleading information or propaganda.
Launching Phishing Attacks: The script could redirect the user to a phishing site designed to steal their credentials for MOODLE or for other services.
Exploitation POC (screenshots):
The Payload - https://postimg.cc/ykv9WXmH
The outcome - https://postimg.cc/87Gp8qJk
Remediation:
Validate the "lang" parameter server-side against the allowlist of language packs actually installed on the site, and fall back to the site default for any other value instead of accepting free-form input. Independently of that, HTML-encode the value at every point where it is written into the response, so that a value which does reach the page cannot break out of its HTML context. Input validation and output encoding are separate controls: "sanitizing" the input does not by itself guarantee that the output is correctly encoded.
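The following is an added illustration of the bug class and of the remediation described above; it is not the gist author's code or POC, and it is not Moodle's code. The installed-language list, the assumed shape of a language code, the page template and the probe payload are all constructed for the example (the real POC exists only as the screenshots linked above). It shows a handler that reflects the parameter unencoded, one that only encodes, and one that applies the allowlist and then encodes, with a check a tester would run against each.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist standing in for the language packs installed on a
# Moodle site (assumption: a real deployment would build this from the
# installed packs rather than hard-code it).
INSTALLED_LANGS = {"en", "en_us", "de", "fr", "pt_br"}

# Assumed shape of a language pack code: lowercase letters, optional
# lowercase suffix after an underscore. Anything else cannot be a pack name.
LANG_CODE_RE = re.compile(r"^[a-z]{2,3}(?:_[a-z]+)?$")


def lang_from_url(url: str) -> str:
    """Return the raw ?lang= value from a request URL ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("lang", [""])[0]


def render_vulnerable(lang: str) -> str:
    """Reflects the parameter into the page with no encoding (the bug class).
    Hypothetical template, not Moodle's markup."""
    return f'<html lang="{lang}"><body>Language: {lang}</body></html>'


def render_encoded_only(lang: str) -> str:
    """Output encoding alone: the payload can no longer break out of the
    attribute or text context, but a nonsense language value still reaches
    the page."""
    enc = html.escape(lang, quote=True)
    return f'<html lang="{enc}"><body>Language: {enc}</body></html>'


def validate_lang(lang: str, installed=INSTALLED_LANGS, default="en") -> str:
    """Allowlist check: only an installed language code is accepted;
    anything else falls back to the site default."""
    if LANG_CODE_RE.match(lang) and lang in installed:
        return lang
    return default


def render_hardened(lang: str) -> str:
    """Validate against the allowlist, then encode on output anyway.
    The two controls are independent: encoding does not rely on validation
    having happened upstream."""
    enc = html.escape(validate_lang(lang), quote=True)
    return f'<html lang="{enc}"><body>Language: {enc}</body></html>'


def is_reflected_unencoded(payload: str, page: str) -> bool:
    """The crude check a tester runs: does the raw probe appear verbatim?"""
    return payload in page


# Constructed probe; a generic reflected-XSS canary, not the gist's payload.
PAYLOAD = '"><script>alert(document.domain)</script>'
# Hypothetical host; the payload is left unencoded so the reflection is visible.
SAMPLE_URL = "https://moodle.example.test/?lang=" + PAYLOAD


if __name__ == "__main__":
    lang = lang_from_url(SAMPLE_URL)
    for name, render in (("vulnerable", render_vulnerable),
                         ("encoded only", render_encoded_only),
                         ("hardened", render_hardened)):
        page = render(lang)
        print(f"{name:13} reflects raw payload: {is_reflected_unencoded(PAYLOAD, page)}")
        print(f"{name:13} page: {page}")
```

Running the script shows the probe reflected verbatim by the vulnerable handler, neutralised but still present as an encoded string by the encode-only handler, and replaced by the site default in the hardened one. Against a real target, the same check is the first thing to run after a fix is deployed: request the page with a canary in `lang` and confirm it appears neither raw nor at all.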
Adding the images here so that if postimg.cc deletes them, this will still be useful.
The Payload - https://postimg.cc/ykv9WXmH
The outcome - https://postimg.cc/87Gp8qJk