## https://sploitus.com/exploit?id=B34D36B5-F9B4-55C4-A00A-AAE2E32E28B1
# πŸ›‘οΈ CVE-2025-26529 Exploitability PoC β€” UNISA Exclusive

This repository contains a comprehensive **Proof-of-Concept (PoC)** scanner and exploitation framework targeting **CVE-2025-26529**, a critical XSS vulnerability in affected Moodle instances.
This tool is designed specifically for **UNISA’s Moodle portal** (`https://mymodules.dtls.unisa.ac.za`) and must **only** be used under proper authorization and in compliance with legal and institutional guidelines.

---

## ⚠️ DISCLAIMER

> 🔵 **Authorized Use Only**
> This PoC is intended **exclusively for authorized UNISA cyber incident response and audit teams**.
> Misuse of this tool may lead to **criminal prosecution**.
> Developed by **ScaryByte**, in collaboration with UNISA teams.

---

## 🚨 CVE Details

* **CVE-ID:** CVE-2025-26529
* **Type:** Reflected and DOM-based Cross-Site Scripting (XSS)
* **Impact:** Credential theft, session hijack, clickjacking, remote JS injection
* **Affected Software:** Moodle-based e-learning systems (core and unpatched plugins)
* **Attack Vector:** User input passed unsanitized to HTML context on vulnerable query routes

---

## 🔧 Requirements

Ensure Python 3.10+ is installed. Use a **virtualenv** for best isolation.

```bash
sudo apt update && sudo apt install -y python3-pip chromium-driver
python3 -m venv venv-xss
source venv-xss/bin/activate
pip install -r requirements.txt
```

### `requirements.txt`

```txt
requests
beautifulsoup4
selenium
```

---

## πŸ” Features

* βœ… CVE-2025-26529 reflected XSS payload testing
* βœ… DOM-based XSS detection using `MutationObserver`
* βœ… Cookie extraction and session hijack simulation
* βœ… Clickjacking iframe PoC generation
* βœ… Admin panel exposure verification
* βœ… Selenium-based rendering of DOM-XSS payloads

---

## 📂 Files

| File                    | Description                                |
| ----------------------- | ------------------------------------------ |
| `xss_checker.py`        | Main PoC script                            |
| `clickjack_poc.html`    | Generated iframe-based clickjacking attack |
| `dom_xss_poc.html`      | DOM XSS PoC with MutationObserver listener |
| `cve2025_full_scan.log` | Full exploit scan log                      |
| `requirements.txt`      | Python dependencies                        |

---

## 🧲 Usage

Run the scanner from an authorized Kali Linux instance:

```bash
python3 xss_checker.py
```

Expected output:

* Status of publicly exposed files
* Payload reflection confirmation
* Cookies sniffed via `Set-Cookie` headers
* Admin panel accessibility
* DOM XSS PoC auto-loaded in headless browser
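
For teams triaging the cookie and clickjacking items in this output, the response headers decide whether those findings carry weight: cookie attributes limit what an injected script can read, and framing headers block the iframe PoC. The following is an added example, not code from this repository; the function names and both sample responses are constructed for illustration and it makes no network requests.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], attrs

def cookie_findings(set_cookie_values):
    """Flag cookies an injected script could read or that travel cross-site."""
    findings = []
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly, readable via document.cookie")
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure, may be sent over plain HTTP")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite is not Lax or Strict")
    return findings

def framing_allowed(headers):
    """True when nothing stops cross-origin framing (only a bare * counts as open)."""
    for directive in headers.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # When present, frame-ancestors takes precedence over X-Frame-Options.
            return "*" in tokens[1:]
    xfo = headers.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")

def audit(headers, set_cookie_values):
    """headers: dict with lowercased names; returns a list of finding strings."""
    findings = cookie_findings(set_cookie_values)
    if framing_allowed(headers):
        findings.append("page can be framed: set CSP frame-ancestors or X-Frame-Options")
    return findings

# Constructed sample responses, not captured from any real site.
WEAK = ({"content-type": "text/html"}, ["MoodleSession=abc123; path=/"])
HARDENED = (
    {"content-security-policy": "default-src 'self'; frame-ancestors 'self'"},
    ["MoodleSession=abc123; path=/; Secure; HttpOnly; SameSite=Lax"],
)

if __name__ == "__main__":
    for label, (hdrs, cookies) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(hdrs, cookies))
```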

---

## 🧪 DOM XSS PoC Preview

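```html
<script>
  // Fires on every node added or removed under <body>, not only on injected
  // script, so a hit here still needs manual confirmation.
  new MutationObserver((mutations) => {
    alert("DOM XSS Detected: " + document.body.innerHTML);
  }).observe(document.body, { childList: true, subtree: true });
</script>
```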

---

## 🧬 Next Steps

* ✅ Validate PoC against staging and production environments.
* ↺ Extend to perform **authenticated session simulation**.
* Integrate with **BurpSuite proxy** for full visibility.

---

## 📛 Legal Notice

This tool is part of a **UNISA vulnerability verification mandate** for CVE-2025-26529.
You are **not authorized** to use this PoC on any domain **except `mymodules.dtls.unisa.ac.za`** unless explicitly permitted.

---

## 🀝 Credits

* 💀 Maintained by [ScaryByte](https://scarybyte.online)

---