Non-core contributed modules

Potential SQL-Inject Issue

Details

  • Type: Bug
  • Status: Closed
  • Priority: Critical
  • Resolution: Fixed
  • Affects Version/s: 1.8.2
  • Fix Version/s: 1.8
  • Component/s: Block: Mrbs
  • Labels: None
  • Environment: Uncertain

Description

Hi,

A colleague passed along the following link to a potential security issue with Moodle 1.8.2. We cannot locate this "ing/blocks/mrdb/" path, so are not certain where in the stack the issue may surface, if at all. Might this be an add-on? (Apologies if this is a repeat of another issue: I did a search and could not find it.)

http://www.securityfocus.com/archive/1/485434

PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=[SQL]&day=27&month=10&year=2007

And a POC:

PATH/moodle/ing/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=[ID]&day=27&month=10&year=2007

Thanks,

Jim
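The payload shape quoted in the report above, a non-integer value in the `id` parameter of `view_entry.php`, is something a site administrator can look for in web-server access logs after the fact. The following is an added example and not code from the report or from the MRBS block; it assumes Common Log Format lines (the sample lines are constructed) and flags any `view_entry.php` request whose `id` is not a plain integer, which is the same type check the patched code should enforce server-side.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Common Log Format lines (not taken from the page): a benign request, one
# with the UNION-style value quoted in the report, and one non-integer id with no keywords.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Oct/2007:10:01:02 +0000] "GET /moodle/blocks/mrbs/code/web/view_entry.php?id=2000&day=27&month=10&year=2007 HTTP/1.1" 200 4120
10.0.0.7 - - [27/Oct/2007:10:01:09 +0000] "GET /moodle/blocks/mrbs/code/web/view_entry.php?id=2000%20UNION%20SELECT%20username,id,id,id,id,id,id,id,id,id,id,id%20FROM%20mdl_user%20WHERE%20id=2&day=27&month=10&year=2007 HTTP/1.1" 200 4207
10.0.0.9 - - [27/Oct/2007:10:02:15 +0000] "GET /moodle/blocks/mrbs/code/web/view_entry.php?id=2000%27&day=27&month=10&year=2007 HTTP/1.1" 500 611
"""

LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
                    r'(?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
INT_RE = re.compile(r'^-?\d+$')
SQL_RE = re.compile(r'\b(union|select|from|where)\b', re.IGNORECASE)

def check_request(target):
    """Inspect one request target. Return a finding for a view_entry.php request
    whose id parameter is anything other than a plain integer, else None.
    The integer check is the real signal; the keyword match only labels it."""
    parts = urlsplit(target)
    if not parts.path.endswith('/view_entry.php'):
        return None
    # parse_qs decodes %20 etc. and splits each pair on the first '=' only, so
    # the 'id=2' embedded in the payload stays inside the value of the outer id.
    for value in parse_qs(parts.query, keep_blank_values=True).get('id', []):
        if INT_RE.match(value):
            continue
        reason = 'sql_keywords' if SQL_RE.search(value) else 'non_integer_id'
        return {'path': parts.path, 'id': value, 'reason': reason}
    return None

def scan_log(text):
    """Run check_request over every parsable line; return the list of findings."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = check_request(m.group('target'))
        if finding:
            finding.update(src=m.group('src'), status=int(m.group('status')))
            findings.append(finding)
    return findings

if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['src']} status={f['status']} reason={f['reason']} id={f['id']!r}")
```

A keyword match alone would miss the third line, which is why the integer check drives the decision and the keyword match only annotates it.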

Activity

Anthony Borrow added a comment -

James - There was a SQL injection vulnerability with the MRBS (a contributed, aka: 3rd party) block. The vulnerability has been patched in the MRBS block and I have notified the developer of the MRBS program of the vulnerability. Moodle traditionally has done very well at avoiding SQL injection attacks and the patch utilizes Moodle functions designed to help avoid such vulnerabilities. Those using the MRBS block should upgrade to the latest version which patches the vulnerabilities listed in the report you have provided. Please feel free to let me know if you have any questions about how to upgrade the MRBS block. Peace - Anthony

Anthony Borrow added a comment -

When left unpatched, this issue represents a serious security risk and makes one's entire Moodle database vulnerable. I am changing the security level to none so that users may access this issue in the tracker. All users of the MRBS block are strongly encouraged to upgrade the MRBS to the latest code by using http://download.moodle.org/plugins/blocks/mrbs.zip.

Anthony Borrow added a comment -

Closing all of my resolved issues. Peace - Anthony

