Hello!! everyone, I had already created one on this topic using Shodan in Part-1 and now let's find this vulnerability again through Spyse.
Many educational websites are using Moodle which is vulnerable to RXSS and according to Spyse more than 84K domains and 41K IPs are using this technology. Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalized learning environments. This was founded by @PewGrand
What is XSS?
Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Steps To Hunt For This Bug:
- Navigate to https://spyse.com/ and click on “Advanced Search”
2. Click on the “Add Filter” option and select “Name” under the “Technology”
3. Type “Moodle” under the “Contains” option and hit the “Apply” button.
4. Select the target you want to test, Let's say mytarget.com
5. Now just add the vulnerable endpoint with XSS payload to the target.
6. Ex. https://mytarget.com/mod/lti/auth.php?redirect_uri=javascript:alert('DarkLotus')
7. If the website is vulnerable then you will see that XSS will pop up on your computer screen.
This blog credit goes to @SypseHQ @_markroze @mark_m0nk
Thank You so much for reading my blog and for more #bugbountytips follow me on Twitter @DarkLotusKDB
Happy Hacking ❤
