Back to directory
WRITEUP #3098

Pre-Auth RCE in Moodle Part II - Session Hijack in Moodle's Shibboleth

Auth BypassSession hijackingSession management issueAccount takeoverRCE
byJohannes Moritz
Program
Moodle
Published
Jan 10, 2022
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://haxolot.com/posts/2022/moodle_pre_auth_shibboleth_rce_part2/
RELATED WRITEUPS
Interesting Story of an Account Takeover Vulnerability
Auth BypassAccount takeover
Instagram and Meta 2FA Bypass by Unprotected Backup Code Retrieval in Accounts Center
Auth Bypass2FA / MFA bypass
Forced SSO Session Fixation
Auth BypassSSO
Account takeover on 8 years old public program
Auth BypassAccount takeover
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
CloudRCE

Built with ❤️ by Shubham Rawat