Chocapikk / CVE-2023-30943

A Python-based tool to detect the CVE-2023-30943 vulnerability in Moodle, which allows unauthorized folder creation via specially crafted requests in TinyMCE loaders.

CVE-2023-30943 Vulnerability Scanner

This tool detects CVE-2023-30943, a vulnerability in Moodle described in the NVD.

Description

Moodle contains a vulnerability due to the way it handles TinyMCE loaders. The application allows a user to dictate the folder creation path. A remote attacker can exploit this by sending a crafted HTTP request, enabling arbitrary folder creation on the system.

Installation

  1. Ensure you have Python 3.10 installed.
  2. Clone or download this repository.
  3. Install the required libraries:
     pip install -r requirements.txt

Usage

Basic Commands:

Scan a single URL for vulnerability:

python3.10 exploit.py -u [TARGET_URL]

Scan multiple URLs from a file:

python3.10 exploit.py -f [FILE_CONTAINING_URLs]

Using Leakix:

To fetch URLs from Leakix based on leaks:

  1. Set the LEAKIX_API_KEY variable in the script exploit.py to your Leakix API key.
  2. If you have a Pro API key, you can use the --bulk mode:
     python3.10 exploit.py --leakpy --bulk
  3. For non-Pro users, specify the number of pages you want to retrieve using the --pages argument:
     python3.10 exploit.py --leakpy --pages [NUMBER_OF_PAGES]

Other Options:

  • Save results to an output file:
    python3.10 exploit.py -u [TARGET_URL] -o [OUTPUT_FILENAME]
  • To see a full list of command-line options:
    python3.10 exploit.py -h
