来源

关联漏洞

描述

SSRF to XSS - XSS to RCE Moodle

介绍

# PoC for CVE-2025-26529 – Moodle XSS to RCE Exploit

This is a Proof of Concept (PoC) demonstrating the SSRF to XSS → XSS to RCE vulnerability chain in Moodle.

## Overview

I’ve uploaded all the necessary files to demonstrate the full chain of exploitation:
1. **SSRF to XSS**
2. **Grabbing the admin cookie**
3. **Using the admin cookie to achieve Remote Code Execution (RCE) in Moodle**

Tested on Moodle version **4.4.5 (Build: 20241209)**.

## Important Instructions

Before proceeding, **make sure to carefully review the files**. You'll need to modify certain elements like your **IP address**.

## PoC Video

For a step-by-step walkthrough, I’ve also uploaded a video demonstrating the exploit:

[PoC for CVE-2025-26529](https://youtu.be/WUUBz1Pq-o4)

## Mitigation Recommendations

To mitigate this vulnerability:
- **Disable the guest user** in Moodle.
- **Update to the latest version** of Moodle.

## Credits

Special thanks to **p0dalirius**, from whom I got the plugin used to upload and gain Remote Code Execution in Moodle.

文件快照

 [4.0K]  /data/pocs/72f7371356246d9cbd2253630001c005b08cfc39
├── [4.6K]  console.py
├── [ 252]  cookie.js
├── [ 11K]  moodle_webshell.zip
├── [1.0K]  README.md
├── [1.1K]  server.py
├── [ 306]  steal.php
└── [ 218]  xss_redirect.php

0 directories, 7 files

备注