Moodle Breaktime

Legal disclaimer: Usage of this tool for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. The developer assume no liability and is not responsible for any misuse or damage caused by this tool.
Your ip :
Read about the vulnerability here :
Download the patch here :
Download the Official patch here :
if a someone is using this tool to DoS your website, contact me ASAP in [email protected]
Every request made by this tool send a "Origin" header to tell to sysadmins about the vul ( if the sysadmin already dont know )
Because of CORS this tool isn't reliable, USE DOSER.PY ( you can disable cors for this domain in you server )

Test the vul via ajax here :

Moodle url :
Scenario : - See which here > ( if you want to test the patch, just put "1" ) (If isnt patched and don't have the 25 files limit set "4")
Make a request each ? ms