Moodle Hacking
You shouldn't looking for exploits that other people found and posted. Look at moodle sites for exploits that nobody has discovered yet.
I dunno if you were given access to one to play around with. I have the advantage of having instructor privileges and a handful of dev sites to test things on, but you may be able to find some stuff as a student. I would start in the discussion forums.
yea, that's what I want, find exploits on my own, but like i'm still learning i was googling around to see other exploits people have found to better understand how things work and get an idea of what happens in the back-end of moodle. I only have my student-user-account where i can access our courses' notes and other things, and we are given access to a blog of our own if we choose to use it.
Knowledge of PHP is a must for this.
The best way of finding an exploit in this, where you have access to the source anyway, is to set yourself up a test bed. It's pointless trying things at random and wasting time on thing that may not be vulnerable.
What I mean by "test bed" is set up a webserver on your machine. IE: Apache with PHP and MySQL on your local machine, download a copy of Moodle and set it up.
Then it's just a case of looking through the source code to find something that they have either overlooked or not protected sufficiently. Then mess around with any ideas, only edit the source to give you debug information (if need be).
Jim,
Last I checked, Moodle was bruteforceable - no lockout after too many tries, so you can do this,
I also noticed a checksum validator akin to Javascript16 on some pages to enter in classes, and multiple XSS vulns within class pages.
Do what you want tho :P the real fun is how you can fuck with your teacher legally.