MDL-47926

CSRF and XSS in mod/lti/registrationreturn.php


    Details

    • Testing Instructions:
      1. Go to: Site administration / ► Plugins / ► Activity modules / ► LTI / ► Manage External Tool Registrations
      2. Add a new tool (you can use this url: http://lti.tools/test/tp.php )
      3. The new tool should show up in the "Configured" tab
      4. Send admin to a malicious webpage with an image like this:

      <img src="http://yoursite/mod/lti/registration.php?id=1" width="0" height="0"/>

      5. Go back to the Manage External Tool Registrations page and verify the tool has not been shifted into the "pending" tab.
      6. Now shift the tool into the pending tab by clicking on the "Register" icon from the configured tab.
      7. Repeat the img fudgery above with url

      http://yoursite/mod/lti/registrationreturn.php?id=1&top=1

      8. Verify the tool does not switch from "pending" to "active".
      9. Finally: repeat all the testing instructions from MDL-45843.
    • Affected Branches:
      MOODLE_28_STABLE
    • Fixed Branches:
      MOODLE_28_STABLE

      Description

      1/ Where is sesskey?
      2/ Where are the headers when printing custom <html? This can lead to XSS via UTF-7, especially in combination with the CSRF in 1/.
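      As an added illustration (not code from the Moodle project, from this issue's patch, or from the reporter), the following Python models the two flaws the description points at and that the testing instructions exercise: a state-changing handler that accepts any GET with ?id=N without checking the session's sesskey, beside the same handler with the check; and an HTML response served with no declared charset, where a UTF-7 payload survives HTML escaping and reads as <script> under a UTF-7 decode. All function names, the sample request/session dicts and the headers are constructed for this example.

```python
"""Added example modelling MDL-47926: missing sesskey (CSRF) and missing
charset header (UTF-7 XSS). Not Moodle code; names and sample data are
constructed for illustration."""

import hmac
import html

# --- 1/ CSRF: state change on a bare GET ----------------------------------

def handle_registration_vulnerable(params, session):
    """Model of a handler that changes tool state on any GET carrying ?id=N.

    Nothing ties the request to the logged-in session, so a hidden
    <img src=".../registration.php?id=1"> on an attacker page succeeds
    with the admin's cookies.
    """
    return {"status": "changed", "id": int(params["id"])}


def handle_registration_fixed(params, session):
    """Same handler, but the request must carry the session's sesskey.

    This is the idea behind Moodle's require_sesskey(): compare the
    submitted token with the per-session secret, in constant time.
    """
    submitted = str(params.get("sesskey", ""))
    expected = str(session.get("sesskey", ""))
    if not expected or not hmac.compare_digest(submitted, expected):
        return {"status": "rejected", "reason": "invalid sesskey"}
    return {"status": "changed", "id": int(params["id"])}


# --- 2/ Missing charset + UTF-7 -------------------------------------------

# Constructed payload: '+ADw-' is '<' and '+AD4-' is '>' in UTF-7.
UTF7_PAYLOAD = "+ADw-script+AD4-alert(1)+ADw-/script+AD4-"


def escaped_is_unchanged(s):
    """HTML escaping does nothing to the payload: it contains no < > & or quotes."""
    return html.escape(s) == s


def render_as(body, charset):
    """What the ASCII bytes of `body` look like when decoded as `charset`.

    Under UTF-8 the payload is inert text; under UTF-7 it becomes markup.
    """
    return body.encode("ascii").decode(charset)


def charset_declared(headers):
    """True when the response's Content-Type pins a charset.

    The vulnerable page printed its own <html> document without such a
    header, which is what lets an encoding-sniffing browser pick UTF-7.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    return "charset=" in lowered.get("content-type", "").lower()


if __name__ == "__main__":
    session = {"sesskey": "s3ss10n-k3y"}          # constructed session secret
    csrf_get = {"id": "1"}                        # what the <img> trick sends
    print(handle_registration_vulnerable(csrf_get, session))
    print(handle_registration_fixed(csrf_get, session))
    print(handle_registration_fixed({"id": "1", "sesskey": "s3ss10n-k3y"}, session))
    print(escaped_is_unchanged(UTF7_PAYLOAD))
    print(render_as(UTF7_PAYLOAD, "utf-8"))
    print(render_as(UTF7_PAYLOAD, "utf-7"))
    print(charset_declared({"Content-Type": "text/html"}))
    print(charset_declared({"Content-Type": "text/html; charset=utf-8"}))
```

      The two fixes the example implies are the ones the issue asks for: a sesskey check before any state change in registration.php and registrationreturn.php, and a Content-Type header with an explicit charset whenever the script prints its own HTML document instead of going through the normal page output.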

            People

            Assignee:
            damyon Damyon Wiese
            Reporter:
            skodak Petr Skoda
            Peer reviewer:
            Petr Skoda
            Integrator:
            Marina Glancy
            Tester:
            Ankit Agarwal
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
            Votes: 0
            Watchers: 2

              Dates

              Fix Release Date: 10/Nov/14