WRITEUP #848

Playing Dominos with Moodle's Security (2/2)

Tags: XSS, Self-XSS, Account takeover, OAuth, Security code review
by @YNizry (Yaniv Nizry)
Program: Moodle
Published: Aug 28, 2023
Added to HackDex: Sep 5, 2023
Read Full Writeup: https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-2/

RELATED WRITEUPS
Self-XSS to ATO via Site Features
Tags: XSS, Self-XSS
Self XSS + Login CSRF + OAuth = Account Takeover
Tags: Auth Bypass, Account takeover
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
Tags: XSS, Reflected XSS
Front-End Frameworks: When Bypassing Built-in Sanitization Might Backfire
Tags: XSS, Client-side Path Traversal
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
Tags: XSS, Security code review
