# Scripts for exploiting MSA-18-0020 (CVE-2018-16854) and MSA-19-0004 (CVE-2019-3847)

This repository contains the files used in finding and exploiting two Moodle bugs, MSA-18-0020 (CVE-2018-16854) and MSA-19-0004 (CVE-2019-3847), both of which leverage the ability of users to add JavaScript to their own dashboards. MSA-18-0020 relies on CSRF on the login form, whereas MSA-19-0004 requires an administrator to impersonate a user.
More details can be found in [this blog post](https://medium.com/@daniel.thatcher/obtaining-xss-using-moodle-features-and-minor-bugs-2035665989cc).
## Fixed Moodle versions
* MSA-18-0020 (CVE-2018-16854): 3.6, 3.5.3, 3.4.6, 3.3.9, and 3.1.15.
* MSA-19-0004 (CVE-2019-3847): 3.6.3, 3.5.5, 3.4.8, and 3.1.17.

```
[4.0K]  /data/pocs/7565f3c056526362736751a0d3daccfaa997529a
├── [ 444]  attack.html
├── [ 625]  cookie.php
├── [4.3K]  moodle.js
├── [ 20K]  plugin.zip
├── [ 649]  README.md
├── [ 160]  recv.php
└── [4.0K]  shell
    ├── [2.8K]  block_shell.php
    ├── [4.0K]  db
    │   ├── [1.1K]  install.php
    │   ├── [1.1K]  uninstall.php
    │   ├── [1.3K]  upgradelib.php
    │   └── [1.5K]  upgrade.php
    ├── [4.0K]  lang
    │   └── [4.0K]  en
    │       └── [ 971]  block_shell.php
    ├── [ 34K]  LICENSE.md
    ├── [ 747]  README.md
    ├── [1.0K]  settings.php
    └── [1.1K]  version.php

4 directories, 16 files
```