MDL-47926 (Moodle)

CSRF and XSS in mod/lti/registrationreturn.php


    Details

    • Testing Instructions:
      1. Go to: Site administration / ► Plugins / ► Activity modules / ► LTI / ► Manage External Tool Registrations
      2. Add a new tool (you can use this url: http://lti.tools/test/tp.php )
      3. The new tool should show up in the "Configured" tab
      4. Send the admin to a malicious webpage with an image like this:

      <img src="http://yoursite/mod/lti/registration.php?id=1" width="0" height="0"/>

      5. Go back to the Manage External Tool Registrations page and verify the tool has not been shifted into the "Pending" tab.
      6. Now shift the tool into the "Pending" tab by clicking the "Register" icon in the "Configured" tab.
      7. Repeat the img fudgery above with this url:

      http://yoursite/mod/lti/registrationreturn.php?id=1&top=1

      8. Verify the tool does not switch from "Pending" to "Active".
      9. Finally, repeat all the testing instructions from MDL-45843.

    • Affected Branches:
      MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE

      Description

      1/ Where is sesskey?
      2/ Where are headers when printing custom <html? This can lead to XSS via UTF-7, especially in combination with the CSRF in 1/.
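      As an added example (not Moodle's actual patch for this issue), the shape a hardened state-changing LTI admin page would take to address both points above. It assumes Moodle's standard API (`required_param`, `require_sesskey`, `moodle_url`, `redirect`, `s`); `lti_set_registration_state()` is a hypothetical helper standing in for the real state change, and the return page path is an assumed placeholder.

```php
<?php
// Added example, not Moodle's code: hardened shape for mod/lti/registrationreturn.php.
require_once(__DIR__ . '/../../config.php');

$id  = required_param('id', PARAM_INT);      // registration being changed
$top = optional_param('top', 0, PARAM_BOOL); // 1 when loaded in a frame and the page
                                             // must send the top window back to Moodle
require_login();
$context = context_system::instance();
require_capability('moodle/site:config', $context);

// 1/ CSRF. A GET fired by an <img> on a third-party page carries the admin's cookies
// but cannot carry the session key, so require_sesskey() aborts the request before any
// state changes. Links to this page must therefore be built with the key, e.g.
//   new moodle_url('/mod/lti/registrationreturn.php',
//                  array('id' => $id, 'top' => 1, 'sesskey' => sesskey()))
require_sesskey();

lti_set_registration_state($id, 'active'); // hypothetical helper: pending -> active

// Assumed path of the "Manage External Tool Registrations" page (placeholder).
$returnurl = new moodle_url('/mod/lti/toolregistrations.php');

if (!$top) {
    // Normal case: let Moodle's own renderer produce a complete, charset-declared page.
    redirect($returnurl);
}

// 2/ XSS via charset sniffing. This branch emits a hand-written HTML document to break
// out of the frame. Without a declared charset a browser may sniff the body as UTF-7 and
// decode attacker-influenced text into markup, so declare the charset in both the header
// and the document, refuse sniffing, and escape every dynamic value for its context.
header('Content-Type: text/html; charset=utf-8');
header('X-Content-Type-Options: nosniff');
$plain   = $returnurl->out(false);                                   // raw URL
$inattr  = s($plain);                                                // HTML attribute context
$injs    = json_encode($plain, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

echo '<!DOCTYPE html><html><head><meta charset="utf-8">'
   . '<meta http-equiv="refresh" content="0;url=' . $inattr . '"></head>'
   . '<body><script>window.top.location.href = ' . $injs . ';</script>'
   . '<noscript><a href="' . $inattr . '">Continue</a></noscript></body></html>';
```

      With the sesskey check in place, the hidden-image request in the testing instructions is rejected before the registration state is touched, and the explicit charset removes the UTF-7 sniffing precondition for the hand-written page.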


              Dates

              • Fix Release Date: 10/Nov/14