HackTheBox - Schooled

Moodle exploitation using CVEs

HackTheBox - Cereal (User)

Chaining XSS, SSRF, and deserialization vulnerabilities to get RCE