{"id":22799900,"url":"https://github.com/chocapikk/cve-2023-30943","last_synced_at":"2025-07-02T16:38:00.960Z","repository":{"id":193287620,"uuid":"688500004","full_name":"Chocapikk/CVE-2023-30943","owner":"Chocapikk","description":"A Python-based tool to detect the CVE-2023-30943 vulnerability in Moodle, which allows unauthorized folder creation via specially crafted requests in TinyMCE loaders.","archived":false,"fork":false,"pushed_at":"2023-09-07T13:27:09.000Z","size":4,"stargazers_count":11,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-20T17:22:47.930Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Chocapikk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-09-07T13:25:55.000Z","updated_at":"2025-02-14T17:11:48.000Z","dependencies_parsed_at":"2023-09-07T14:43:18.171Z","dependency_job_id":null,"html_url":"https://github.com/Chocapikk/CVE-2023-30943","commit_stats":null,"previous_names":["chocapikk/cve-2023-30943"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Chocapikk/CVE-2023-30943","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-30943","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-30943/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-30943/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-30943/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Chocapikk","download_url":"https://codeload.github.com/Chocapikk/CVE-2023-30943/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Chocapikk%2FCVE-2023-30943/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263176826,"owners_count":23425834,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-12T07:10:11.604Z","updated_at":"2025-07-02T16:38:00.936Z","avatar_url":"https://github.com/Chocapikk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2023-30943 Vulnerability Scanner\n\nThis tool detects a vulnerability in Moodle as described in the [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-30943).\n\n## Description\n\nMoodle contains a vulnerability due to the way it handles TinyMCE loaders. The application allows a user to dictate the folder creation path. A remote attacker can exploit this by sending a crafted HTTP request, enabling arbitrary folder creation on the system.\n\n## Installation\n\n1. Ensure you have Python 3.10 installed.\n2. Clone or download this repository.\n3. Install the required libraries:\n```bash\npip install -r requirements.txt\n```\n\n## Usage\n\n### Basic Commands:\n\nScan a single URL for vulnerability:\n```bash\npython3.10 exploit.py -u [TARGET_URL]\n```\n\nScan multiple URLs from a file:\n```bash\npython3.10 exploit.py -f [FILE_CONTAINING_URLs]\n```\n\n### Using Leakix:\n\nIf you want to fetch URLs from Leakix based on leaks, you must first:\n\n1. Modify the `LEAKIX_API_KEY` variable in the script `exploit.py` with your Leakix API Key.\n2. If you have a Pro API key, you can use the `--bulk` mode:\n```bash\npython3.10 exploit.py --leakpy --bulk\n```\n3. For non-Pro users, specify the number of pages you want to retrieve using the `--pages` argument:\n```bash\npython3.10 exploit.py --leakpy --pages [NUMBER_OF_PAGES]\n```\n\n### Other Options:\n\n- Save results to an output file:\n```bash\npython3.10 exploit.py -u [TARGET_URL] -o [OUTPUT_FILENAME]\n```\n\n- To see a full list of command-line options:\n```bash\npython3.10 exploit.py -h\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2023-30943","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchocapikk%2Fcve-2023-30943","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchocapikk%2Fcve-2023-30943/lists"}