Mass Hunting XSS — Moodle

What is Moodle?

How to Identify Moodle?

  • Wappalyzer
  • Favicon Icon
  • Subdomain (moodle.target.com)
Example

Shodan:

  • Search query: http.component:Moodle
  • Favicon Base: http.favicon.hash:-438482901

Shodan CLI:

  • shodan search "http.component:Moodle" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a moodlehunt.txt
  • shodan search "http.favicon.hash:-438482901" --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a moodlehunt.txt
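
The favicon query above works because Shodan stores, for every web host it indexes, the MurmurHash3 (32-bit) of the base64-encoded favicon, and a stock Moodle install ships the same icon everywhere. An administrator can use the same computation to check whether their own instance would be enumerable by that query. The script below is an added example, not code from the article: it reimplements MurmurHash3 x86_32 in pure Python so no `mmh3` package is needed, reproduces Shodan's `http.favicon.hash` recipe (`mmh3.hash(base64.encodebytes(icon))`), and compares the result with the hash the article gives. The hostname `moodle.example.org` and the `SAMPLE_ICON` bytes are constructed placeholders.

```python
import base64
import sys
import urllib.request

MASK32 = 0xFFFFFFFF

# Hash value quoted in the article's Shodan query for the default Moodle favicon.
MOODLE_FAVICON_HASH = -438482901


def rotl32(x: int, r: int) -> int:
    """Rotate a 32-bit value left by r bits."""
    x &= MASK32
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmur3_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32, returned as a signed 32-bit int (same as mmh3.hash)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h1 = seed & MASK32
    n_blocks = len(data) // 4

    # Body: process 4-byte little-endian blocks.
    for i in range(n_blocks):
        k1 = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k1 = (k1 * c1) & MASK32
        k1 = rotl32(k1, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1
        h1 = rotl32(h1, 13)
        h1 = (h1 * 5 + 0xE6546B64) & MASK32

    # Tail: up to 3 remaining bytes.
    tail = data[4 * n_blocks:]
    k1 = 0
    if len(tail) >= 3:
        k1 ^= tail[2] << 16
    if len(tail) >= 2:
        k1 ^= tail[1] << 8
    if len(tail) >= 1:
        k1 ^= tail[0]
        k1 = (k1 * c1) & MASK32
        k1 = rotl32(k1, 15)
        k1 = (k1 * c2) & MASK32
        h1 ^= k1

    # Finalization mix.
    h1 ^= len(data)
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & MASK32
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & MASK32
    h1 ^= h1 >> 16
    return h1 - (1 << 32) if h1 & 0x80000000 else h1


def shodan_favicon_hash(favicon: bytes) -> int:
    """Shodan's http.favicon.hash: murmur3 over the base64 text of the icon.

    base64.encodebytes() inserts a newline every 76 characters and at the end;
    those newlines are part of the hashed input, so a plain b64encode() would
    give a different number.
    """
    return murmur3_32(base64.encodebytes(favicon))


def is_default_moodle_favicon(favicon: bytes) -> bool:
    """True if this icon would match the article's http.favicon.hash query."""
    return shodan_favicon_hash(favicon) == MOODLE_FAVICON_HASH


def fetch_favicon(url: str, timeout: float = 10.0) -> bytes:
    """Download a favicon from one of your own hosts (network access required)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


# Constructed sample bytes standing in for an icon file; not a real .ico.
SAMPLE_ICON = b"\x00\x00\x01\x00\x01\x00\x10\x10" + b"\x00" * 64


if __name__ == "__main__":
    # Usage: python favicon_check.py https://moodle.example.org/favicon.ico
    icon = fetch_favicon(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ICON
    h = shodan_favicon_hash(icon)
    print(f"favicon hash: {h}")
    if h == MOODLE_FAVICON_HASH:
        print("Matches the default Moodle favicon: findable via http.favicon.hash")
    else:
        print("Does not match the default Moodle favicon hash")
```

If your instance returns the default hash, replacing the icon with a custom one removes it from this particular fingerprint; it does not change the `http.component` match, which comes from page content rather than the icon.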

Google Dork:

  • inurl:”/login/index.php”

Exploitation:
