SSRF to XSS - XSS to RCE Moodle# PoC for CVE-2025-26529 – Moodle XSS to RCE Exploit
This is a Proof of Concept (PoC) demonstrating the SSRF to XSS → XSS to RCE vulnerability chain in Moodle.
## Overview
I’ve uploaded all the necessary files to demonstrate the full chain of exploitation:
1. **SSRF to XSS**
2. **Grabbing the admin cookie**
3. **Using the admin cookie to achieve Remote Code Execution (RCE) in Moodle**
Tested on Moodle version **4.4.5 (Build: 20241209)**.
## Important Instructions
Before proceeding, **make sure to carefully review the files**. You'll need to modify certain elements like your **IP address**.
## PoC Video
For a step-by-step walkthrough, I’ve also uploaded a video demonstrating the exploit:
[PoC for CVE-2025-26529](https://youtu.be/WUUBz1Pq-o4)
## Mitigation Recommendations
To mitigate this vulnerability:
- **Disable the guest user** in Moodle.
- **Update to the latest version** of Moodle.
## Credits
Special thanks to **p0dalirius**, from whom I got the plugin used to upload and gain Remote Code Execution in Moodle.
[4.0K] /data/pocs/72f7371356246d9cbd2253630001c005b08cfc39
├── [4.6K] console.py
├── [ 252] cookie.js
├── [ 11K] moodle_webshell.zip
├── [1.0K] README.md
├── [1.1K] server.py
├── [ 306] steal.php
└── [ 218] xss_redirect.php
0 directories, 7 files