Moodle
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Bug bounty tip: sign up for Intigriti, a premium bug bounty platform created by hackers, for hackers! Join us at https://go.intigriti.com/hacktricks today, and start earning bounties up to $100,000!
Automatic Scans
droopescan
moodlescan
CMSMap
CVEs
I found that the automatic tools are pretty useless finding vulnerabilities affecting the moodle version. You can check for them in https://snyk.io/vuln/composer:moodle%2Fmoodle
RCE
You need to have manager role and you can install plugins inside the "Site administration" tab**:**
If you are manager you may still need to activate this option. You can see how ins the moodle privilege escalation PoC: https://github.com/HoangKien1020/CVE-2020-14321.
Then, you can install the following plugin that contains the classic pentest-monkey php rev shell (before uploading it you need to decompress it, change the IP and port of the revshell and crompress it again)
Or you could use the plugin from https://github.com/HoangKien1020/Moodle_RCE to get a regular PHP shell with the "cmd" parameter.
To access launch the malicious plugin you need to access to:
POST
Find database credentials
Dump Credentials from database
Bug bounty tip: sign up for Intigriti, a premium bug bounty platform created by hackers, for hackers! Join us at https://go.intigriti.com/hacktricks today, and start earning bounties up to $100,000!
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Last updated