Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52271

Prevent web installer from appearing in search results if abandoned

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.7.11, 2.8.9, 2.9.3, 3.0.1
    • 2.9.4, 3.0.1
    • Installation
    • None
    • MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • MOODLE_29_STABLE, MOODLE_30_STABLE
    • Hide
      1. Try out the installer (you'll need no config.php)
      2. VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en
      3. Ensure installer works
      Show
      Try out the installer (you'll need no config.php) VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en Ensure installer works

    Description

      Mehdi Dadkhah <dadkhah80@gmail.com> reported:

      We found new web vulnerability and your CMS may be vulnerable to it. We prepared a report which introduce this vulnerability. We will public this vulnerability in 1 December 2015. Please patch your CMS.

      The report was not particularly clear and mostly spoke about wordpress, however I do think it raised an issue we should do something about:

      Googleable installers

      Attachments

        1. MDL-52271-27.mdk.patch
          1 kB
        2. MDL-52271-28.mdk.patch
          1 kB
        3. MDL-52271-29.mdk.patch
          1 kB
        4. MDL-52271-30.mdk.patch
          1 kB
        5. MDL-52271-master.mdk.patch
          1 kB
        6. RIV Vulnerability by Dadkhah.pdf
          967 kB

        Activity

          People

            poltawski Dan Poltawski
            poltawski Dan Poltawski
            John Okely John Okely
            David Monllaó David Monllaó
            Adrian Greeve Adrian Greeve
            Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              21/Dec/15