This tool detects a vulnerability in Moodle as described in the NVD.
Moodle contains a vulnerability due to the way it handles TinyMCE loaders. The application allows a user to dictate the folder creation path. A remote attacker can exploit this by sending a crafted HTTP request, enabling arbitrary folder creation on the system.
- Ensure you have Python 3.10 installed.
- Clone or download this repository.
- Install the required libraries:
pip install -r requirements.txt
Scan a single URL for vulnerability:
python3.10 exploit.py -u [TARGET_URL]
Scan multiple URLs from a file:
python3.10 exploit.py -f [FILE_CONTAINING_URLs]
If you want to fetch URLs from Leakix based on leaks, you must first:
- Modify the LEAKIX_API_KEY variable in the script exploit.py with your Leakix API Key.
- If you have a Pro API key, you can use the --bulk mode:
python3.10 exploit.py --leakpy --bulk
- For non-Pro users, specify the number of pages you want to retrieve using the --pages argument:
python3.10 exploit.py --leakpy --pages [NUMBER_OF_PAGES]
- Save results to an output file:
python3.10 exploit.py -u [TARGET_URL] -o [OUTPUT_FILENAME]
- To see a full list of command-line options:
python3.10 exploit.py -h