MDL-47926: CSRF and XSS in mod/lti/registrationreturn.php


    • MOODLE_28_STABLE
      1. Go to: Site administration ► Plugins ► Activity modules ► LTI ► Manage External Tool Registrations
      2. Add a new tool (you can use this url: http://lti.tools/test/tp.php )
      3. The new tool should show up in the "Configured" tab
      4. Send admin to a malicious webpage with an image like this:

      <img src="http://yoursite/mod/lti/registration.php?id=1" width="0" height="0"/>

      5. Go back to the Manage External Tool Registrations page and verify the tool has not been shifted into the "pending" tab.
      6. Now shift the tool into the pending tab by clicking on the "Register" icon from the configured tab.
      7. Repeat the img fudgery above with url

      http://yoursite/mod/lti/registrationreturn.php?id=1&top=1

      8. Verify the tool does not switch from "pending" to "active".
      9. Finally, repeat all the testing instructions from MDL-45843.


      1/ Where is sesskey?
      2/ Where are the headers when printing custom `<html`? This can lead to XSS via UTF-7, especially in combination with the CSRF in 1/.
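As an added illustration (this is not Moodle's own mod/lti/registrationreturn.php, nor a patch from the issue), the following minimal state-changing handler shows the two fixes the report points at: a session-key check on the request, and an explicit charset on any hand-written HTML response. It assumes it sits inside a Moodle tree so that config.php provides require_login(), require_sesskey(), required_param(), optional_param(), moodle_url, html_writer, s(), $PAGE and $OUTPUT; the capability used and the output text are stand-ins, and the actual registration state change is left as a comment.

```php
<?php
// Added example, not Moodle's own registrationreturn.php. Assumes it runs
// inside a Moodle tree so config.php provides the standard helpers used below.
require_once(__DIR__ . '/../../config.php');

$id  = required_param('id', PARAM_INT);      // registration being acted on
$top = optional_param('top', 0, PARAM_BOOL);  // render as a stand-alone page

require_login();
// Stand-in capability: the real script would check the LTI-specific one.
require_capability('moodle/site:config', context_system::instance());

$PAGE->set_context(context_system::instance());
$PAGE->set_url(new moodle_url('/mod/lti/registrationreturn.php', ['id' => $id, 'top' => $top]));

// 1/ CSRF: a request that changes state must carry the user's session key.
// A cross-site <img src="...registrationreturn.php?id=1&top=1"> cannot supply
// the victim's sesskey, so require_sesskey() aborts before anything changes.
require_sesskey();

// ... the state change (moving the registration from "pending" to "active")
//     would happen here; it is out of scope for this example ...

// Legitimate links that trigger the action must themselves carry the sesskey,
// otherwise the check above would also break the admin's own "Register" icon.
$selfurl = new moodle_url('/mod/lti/registrationreturn.php',
    ['id' => $id, 'top' => 1, 'sesskey' => sesskey()]);

if ($top) {
    // 2/ Hand-written <html> instead of the renderer: declare the charset in
    // the HTTP header AND in the document, so the browser never has to guess
    // the encoding (UTF-7 sniffing is the XSS vector named in this report).
    header('Content-Type: text/html; charset=utf-8');
    echo '<!DOCTYPE html><html><head><meta charset="utf-8">';
    echo '<title>' . s('Tool registration') . '</title></head><body>';
    // Any dynamic text is still escaped with s() before it reaches the page.
    echo html_writer::tag('p', s('Tool registration updated.'));
    echo html_writer::link($selfurl, s('Reload'));
    echo '</body></html>';
} else {
    // Normal path: $OUTPUT->header() already sends the Content-Type with the
    // site charset, so no manual header() call is needed here.
    echo $OUTPUT->header();
    echo html_writer::tag('p', s('Tool registration updated.'));
    echo $OUTPUT->footer();
}
```

When testing with the `<img>` steps above, the expected behaviour of this handler is that the cross-site request fails at require_sesskey() and the tool stays in its current tab, while the admin's own link (which includes `sesskey=`) still works.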

            Damyon Wiese
            Petr Skoda
            Marina Glancy
            Ankit Agarwal
