browser-behavior

1 article
sort: new top best
clear filter
bug-bounty480 google297 xss277 microsoft249 facebook211 rce159 apple150 exploit136 bragging-post102 account-takeover98 malware94 csrf84 cve79 privilege-escalation74 authentication-bypass65 stored-xss65 writeup61 reflected-xss57 browser54 react53 ssrf51 phishing50 dos50 input-validation49 cloudflare49 access-control49 cross-site-scripting48 node46 aws46 smart-contract45 docker45 sql-injection45 ethereum44 defi43 web-security43 web-application42 supply-chain42 oauth41 web339 burp-suite36 lfi34 vulnerability-disclosure34 idor34 html-injection33 smart-contract-vulnerability32 race-condition32 clickjacking31 reverse-engineering31 information-disclosure30 csp-bypass30
0 8/10
Obtaining XSS using moodle featured and minor bugs
vulnerability

A technique to escalate self-XSS in Moodle into full XSS against arbitrary users by exploiting double session cookies with different paths combined with login CSRF or impersonation functionality, allowing arbitrary JavaScript execution in victim context for full account compromise.

xss cross-site-scripting self-xss csrf login-csrf session-fixation cookie-manipulation moodle privilege-escalation authentication-bypass html-injection javascript-execution browser-behavior php-security
Moodle Daniel Thatcher Chrome Firefox BurpSuite PHP
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details