Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52271

Prevent web installer from appearing in search results if abandoned

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.7.11, 2.8.9, 2.9.3, 3.0.1
    • Fix Version/s: 2.9.4, 3.0.1
    • Component/s: Installation
    • Labels:
      None
    • Testing Instructions:
      Hide
      1. Try out the installer (you'll need no config.php)
      2. VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en
      3. Ensure installer works
      Show
      Try out the installer (you'll need no config.php) VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en Ensure installer works
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE

      Description

      Mehdi Dadkhah <dadkhah80@gmail.com> reported:

      We found new web vulnerability and your CMS may be vulnerable to it. We prepared a report which introduce this vulnerability. We will public this vulnerability in 1 December 2015. Please patch your CMS.

      The report was not particularly clear and mostly spoke about wordpress, however I do think it raised an issue we should do something about:

      Googleable installers

        Attachments

        1. MDL-52271-27.mdk.patch
          1 kB
        2. MDL-52271-28.mdk.patch
          1 kB
        3. MDL-52271-29.mdk.patch
          1 kB
        4. MDL-52271-30.mdk.patch
          1 kB
        5. MDL-52271-master.mdk.patch
          1 kB
        6. RIV Vulnerability by Dadkhah.pdf
          967 kB

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                21/Dec/15