HTB - Schooled Write-up
Vulnerabilities/bad configurations exploited
1. XSS in Moodle LMS to steal Teacher session.
2. Moodle LMS privilege escalation from Teacher role to Manager role
(CVE-2020-14321).
3. Weak password/password re-use
4. User sudo