Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52271

Prevent web installer from appearing in search results if abandoned

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.7.11, 2.8.9, 2.9.3, 3.0.1
    • Fix Version/s: 2.9.4, 3.0.1
    • Component/s: Installation
    • Labels:
      None
    • Testing Instructions:
      Hide
      1. Try out the installer (you'll need no config.php)
      2. VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en
      3. Ensure installer works
      Show
      Try out the installer (you'll need no config.php) VERIFY: Search the html and ensure that a meta tag appears in the html matching https://support.google.com/webmasters/answer/93710?hl=en Ensure installer works
    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_29_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_29_STABLE, MOODLE_30_STABLE

      Description

      Mehdi Dadkhah <dadkhah80@gmail.com> reported:

      We found new web vulnerability and your CMS may be vulnerable to it. We prepared a report which introduce this vulnerability. We will public this vulnerability in 1 December 2015. Please patch your CMS.

      The report was not particularly clear and mostly spoke about wordpress, however I do think it raised an issue we should do something about:

      Googleable installers

        Attachments

        1. MDL-52271-27.mdk.patch
          1 kB
        2. MDL-52271-28.mdk.patch
          1 kB
        3. MDL-52271-29.mdk.patch
          1 kB
        4. MDL-52271-30.mdk.patch
          1 kB
        5. MDL-52271-master.mdk.patch
          1 kB
        6. RIV Vulnerability by Dadkhah.pdf
          967 kB

          Activity

            People

            Assignee:
            poltawski Dan Poltawski
            Reporter:
            poltawski Dan Poltawski
            Peer reviewer:
            John Okely
            Integrator:
            David Monllaó
            Tester:
            Adrian Greeve
            Participants:
            Component watchers:
            Matteo Scaramuccia, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              21/Dec/15