Scripts for exploiting MSA-18-0020 (CVE-2018-16854) and MSA-19-0004 (CVE-2019-3847)
This repository contains the files used in finding and exploiting two moodle bugs, MSA-18-0020 (CVE-2018-16854) and MSA-19-0004 (CVE-2019-3847), which leverage the ability for users to add JavaScript to their own dashboards MSA-18-0020 relies on CSRF on the login form, whereas MSA-19-0004 requires an administrator to impersonate a user More details can be found in this blog p