Moodle 1.9.1 SQL injection attacks


Post by cteq on Thu Nov 04, 2010 2:26 am

Hi, I want to know how secure Moodle really is.
Can you access it... with SQL injection attacks,
log in as admin perhaps?


Re: Moodle 1.9.1 SQL injection attacks

Post by Goatboy on Thu Nov 04, 2010 3:33 am

Try it out for yourself. Or Google for a vulnerability. I doubt anyone here is going to take the time to check this for you.
Assume that everything I say is or could be a lie.


Re: Moodle 1.9.1 SQL injection attacks

Post by cteq on Tue Nov 23, 2010 11:06 am

I want to know, is it possible to bypass this? [Image]


Re: Moodle 1.9.1 SQL injection attacks

Post by Goatboy on Tue Nov 23, 2010 4:06 pm

That picture cannot be bypassed. kthxbai.


Re: Moodle 1.9.1 SQL injection attacks

Post by fabianhjr on Tue Nov 23, 2010 5:42 pm

If I remember correctly it gives a hint of the first letter. Later you can guess it.

Moodle is focused on usability and security. No single XSS/XSRF/FI/SQLi vulnerability as far as I know.
Download the source and read it. ;)


Re: Moodle 1.9.1 SQL injection attacks

Post by alltheprettyhorses on Tue Nov 23, 2010 10:14 pm

Hmmm, I currently work for a local computer company that offers a website penetration test service. When I first joined, Moodle used to be considered a bit of a joke; all the guys (and one female, who to be honest looked like a guy) who worked within pen-testing just saw it as easy money, to be honest. The particular vulnerability was due to unsanitised input within SQL queries if I remember correctly; however, I have never been required to work with Moodle myself, so naturally my input on recent versions is severely limited and you should pay close attention to anyone who posts regarding more recent experience.

Remember, the vulnerability I mentioned was in older versions of Moodle and (as I have already stated) I personally haven't had to deal with a single instance of Moodle being used since I arrived... I can, however, ask those in the know what the particular vulnerability was (remember this will only apply to older versions unless people have dealt with it recently) if you have a serious interest in the subject... (please don't make me do this, it requires emailing the most arrogant computer experts on the planet.)

Alternatively, you could just search it yourself. I'm certain someone will have published some info somewhere for those willing to turn to the omnipotent deity known to us mere mortals as Google.

P.S. Please forgive my spelling and grammar (even though I have proof-read this twice). I have no doubt they are appalling due to the vast amount of wine I have consumed... 'Twas a glorious night.
"So this is how liberty dies; With thunderous applause..."